f122ccb9f1
- Disable patches with restrictive licenses by default - Update LICENSE - Fixup the fix for F-Droid building - 15.1: Fix forceencrypt on mako - 15.1: Fix crashes when accessing factory reset and development settings menus on devices without support for factory reset protection or oem unlocking
239 lines
9.7 KiB
Diff
239 lines
9.7 KiB
Diff
From 8d6cd259a90a009167c11a2f135cb9845a8f3e7f Mon Sep 17 00:00:00 2001
|
|
From: Daniel Micay <danielmicay@gmail.com>
|
|
Date: Thu, 14 Apr 2016 20:44:06 -0400
|
|
Subject: [PATCH] add deny_new_usb setting
|
|
|
|
Change-Id: If4ee98d636e1876ba546f8a5d562859e8ab7b931
|
|
---
|
|
res/values/arrays.xml | 16 +++++++++++++
|
|
res/values/strings.xml | 3 +++
|
|
res/xml/security_settings_chooser.xml | 8 +++++++
|
|
res/xml/security_settings_lockscreen.xml | 8 +++++++
|
|
res/xml/security_settings_password.xml | 8 +++++++
|
|
res/xml/security_settings_pattern.xml | 8 +++++++
|
|
res/xml/security_settings_pin.xml | 8 +++++++
|
|
src/com/android/settings/SecuritySettings.java | 31 +++++++++++++++++++++++++-
|
|
8 files changed, 89 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
|
|
index 5e1a468f87..16a7300e96 100644
|
|
--- a/res/values/arrays.xml
|
|
+++ b/res/values/arrays.xml
|
|
@@ -1038,4 +1038,20 @@
|
|
<item>never</item>
|
|
</string-array>
|
|
|
|
+ <!-- Security Settings -->
|
|
+ <string-array name="deny_new_usb_entries">
|
|
+ <item>Disallow new USB peripherals</item>
|
|
+ <item>Allow new USB peripherals when unlocked</item>
|
|
+ <item>Allow new USB peripherals</item>
|
|
+ </string-array>
|
|
+
|
|
+ <!-- Do not translate. -->
|
|
+ <string-array name="deny_new_usb_values" translatable="false">
|
|
+ <!-- Do not translate. -->
|
|
+ <item>enabled</item>
|
|
+ <!-- Do not translate. -->
|
|
+ <item>dynamic</item>
|
|
+ <!-- Do not translate. -->
|
|
+ <item>disabled</item>
|
|
+ </string-array>
|
|
</resources>
|
|
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
|
index 8265475a98..84ebf5d10b 100644
|
|
--- a/res/values/strings.xml
|
|
+++ b/res/values/strings.xml
|
|
@@ -9052,4 +9052,7 @@
|
|
|
|
<!-- Note displayed when certain features are not available on low ram devices. [CHAR LIMIT=NONE] -->
|
|
<string name="disabled_low_ram_device">This feature is not available on this device</string>
|
|
+
|
|
+ <string name="deny_new_usb_title">USB accessories</string>
|
|
+ <string name="deny_new_usb_summary">Control support for USB peripherals such as input (mice, keyboards, joysticks) and storage devices.</string>
|
|
</resources>
|
|
diff --git a/res/xml/security_settings_chooser.xml b/res/xml/security_settings_chooser.xml
|
|
index 067ebaba0d..2ba2b41006 100644
|
|
--- a/res/xml/security_settings_chooser.xml
|
|
+++ b/res/xml/security_settings_chooser.xml
|
|
@@ -33,6 +33,14 @@
|
|
android:title="@string/lockscreen_settings_title"
|
|
android:fragment="com.android.settings.security.LockscreenDashboardFragment"/>
|
|
|
|
+ <ListPreference
|
|
+ android:key="deny_new_usb"
|
|
+ android:title="@string/deny_new_usb_title"
|
|
+ android:summary="@string/deny_new_usb_summary"
|
|
+ android:persistent="false"
|
|
+ android:entries="@array/deny_new_usb_entries"
|
|
+ android:entryValues="@array/deny_new_usb_values" />
|
|
+
|
|
</PreferenceCategory>
|
|
|
|
</PreferenceScreen>
|
|
diff --git a/res/xml/security_settings_lockscreen.xml b/res/xml/security_settings_lockscreen.xml
|
|
index c141fb7c74..5181997c99 100644
|
|
--- a/res/xml/security_settings_lockscreen.xml
|
|
+++ b/res/xml/security_settings_lockscreen.xml
|
|
@@ -29,6 +29,14 @@
|
|
settings:keywords="@string/keywords_lockscreen"
|
|
android:persistent="false"/>
|
|
|
|
+ <ListPreference
|
|
+ android:key="deny_new_usb"
|
|
+ android:title="@string/deny_new_usb_title"
|
|
+ android:summary="@string/deny_new_usb_summary"
|
|
+ android:persistent="false"
|
|
+ android:entries="@array/deny_new_usb_entries"
|
|
+ android:entryValues="@array/deny_new_usb_values" />
|
|
+
|
|
</PreferenceCategory>
|
|
|
|
</PreferenceScreen>
|
|
diff --git a/res/xml/security_settings_password.xml b/res/xml/security_settings_password.xml
|
|
index 7de65f7cc0..2e8361f470 100644
|
|
--- a/res/xml/security_settings_password.xml
|
|
+++ b/res/xml/security_settings_password.xml
|
|
@@ -32,6 +32,14 @@
|
|
android:title="@string/lockscreen_settings_title"
|
|
android:fragment="com.android.settings.security.LockscreenDashboardFragment"/>
|
|
|
|
+ <ListPreference
|
|
+ android:key="deny_new_usb"
|
|
+ android:title="@string/deny_new_usb_title"
|
|
+ android:summary="@string/deny_new_usb_summary"
|
|
+ android:persistent="false"
|
|
+ android:entries="@array/deny_new_usb_entries"
|
|
+ android:entryValues="@array/deny_new_usb_values" />
|
|
+
|
|
</PreferenceCategory>
|
|
|
|
</PreferenceScreen>
|
|
diff --git a/res/xml/security_settings_pattern.xml b/res/xml/security_settings_pattern.xml
|
|
index 1585f016ee..9ce00d616e 100644
|
|
--- a/res/xml/security_settings_pattern.xml
|
|
+++ b/res/xml/security_settings_pattern.xml
|
|
@@ -32,6 +32,14 @@
|
|
android:title="@string/lockscreen_settings_title"
|
|
android:fragment="com.android.settings.security.LockscreenDashboardFragment"/>
|
|
|
|
+ <ListPreference
|
|
+ android:key="deny_new_usb"
|
|
+ android:title="@string/deny_new_usb_title"
|
|
+ android:summary="@string/deny_new_usb_summary"
|
|
+ android:persistent="false"
|
|
+ android:entries="@array/deny_new_usb_entries"
|
|
+ android:entryValues="@array/deny_new_usb_values" />
|
|
+
|
|
</PreferenceCategory>
|
|
|
|
</PreferenceScreen>
|
|
diff --git a/res/xml/security_settings_pin.xml b/res/xml/security_settings_pin.xml
|
|
index f7705b7e9c..c291f118a2 100644
|
|
--- a/res/xml/security_settings_pin.xml
|
|
+++ b/res/xml/security_settings_pin.xml
|
|
@@ -32,6 +32,14 @@
|
|
android:title="@string/lockscreen_settings_title"
|
|
android:fragment="com.android.settings.security.LockscreenDashboardFragment"/>
|
|
|
|
+ <ListPreference
|
|
+ android:key="deny_new_usb"
|
|
+ android:title="@string/deny_new_usb_title"
|
|
+ android:summary="@string/deny_new_usb_summary"
|
|
+ android:persistent="false"
|
|
+ android:entries="@array/deny_new_usb_entries"
|
|
+ android:entryValues="@array/deny_new_usb_values" />
|
|
+
|
|
</PreferenceCategory>
|
|
|
|
</PreferenceScreen>
|
|
diff --git a/src/com/android/settings/SecuritySettings.java b/src/com/android/settings/SecuritySettings.java
|
|
index 55f21fd22a..555b4a7c90 100644
|
|
--- a/src/com/android/settings/SecuritySettings.java
|
|
+++ b/src/com/android/settings/SecuritySettings.java
|
|
@@ -38,11 +38,13 @@
|
|
import android.os.UserHandle;
|
|
import android.os.UserManager;
|
|
import android.os.storage.StorageManager;
|
|
+import android.os.SystemProperties;
|
|
import android.provider.SearchIndexableResource;
|
|
import android.provider.Settings;
|
|
import android.service.trust.TrustAgentService;
|
|
import android.support.annotation.VisibleForTesting;
|
|
import android.support.v14.preference.SwitchPreference;
|
|
+import android.support.v7.preference.ListPreference;
|
|
import android.support.v7.preference.Preference;
|
|
import android.support.v7.preference.Preference.OnPreferenceChangeListener;
|
|
import android.support.v7.preference.PreferenceGroup;
|
|
@@ -118,6 +120,10 @@
|
|
private static final int UNUNIFY_LOCK_CONFIRM_DEVICE_REQUEST = 130;
|
|
private static final String TAG_UNIFICATION_DIALOG = "unification_dialog";
|
|
|
|
+ private static final String KEY_DENY_NEW_USB = "deny_new_usb";
|
|
+ private static final String DENY_NEW_USB_PROP = "security.deny_new_usb";
|
|
+ private static final String DENY_NEW_USB_PERSIST_PROP = "persist.security.deny_new_usb";
|
|
+
|
|
// Misc Settings
|
|
private static final String KEY_SIM_LOCK = "sim_lock_settings";
|
|
private static final String KEY_SHOW_PASSWORD = "show_password";
|
|
@@ -139,7 +145,7 @@
|
|
|
|
// These switch preferences need special handling since they're not all stored in Settings.
|
|
private static final String SWITCH_PREFERENCE_KEYS[] = {
|
|
- KEY_SHOW_PASSWORD, KEY_UNIFICATION, KEY_VISIBLE_PATTERN_PROFILE
|
|
+ KEY_SHOW_PASSWORD, KEY_UNIFICATION, KEY_VISIBLE_PATTERN_PROFILE, KEY_DENY_NEW_USB
|
|
};
|
|
|
|
// Only allow one trust agent on the platform.
|
|
@@ -169,6 +175,8 @@
|
|
|
|
private int mProfileChallengeUserId;
|
|
|
|
+ private ListPreference mDenyNewUsb;
|
|
+
|
|
private String mCurrentDevicePassword;
|
|
private String mCurrentProfilePassword;
|
|
|
|
@@ -324,6 +332,16 @@ private PreferenceScreen createPreferenceHierarchy() {
|
|
|
|
mIsAdmin = mUm.isAdminUser();
|
|
|
|
+ if (mIsAdmin) {
|
|
+ mDenyNewUsb = (ListPreference) findPreference(KEY_DENY_NEW_USB);
|
|
+ } else {
|
|
+ PreferenceGroup securityCategory = (PreferenceGroup)
|
|
+ root.findPreference(KEY_SECURITY_CATEGORY);
|
|
+ if (securityCategory != null) {
|
|
+ securityCategory.removePreference(securityCategory.findPreference(KEY_DENY_NEW_USB));
|
|
+ }
|
|
+ }
|
|
+
|
|
// Fingerprint and trust agents
|
|
int numberOfTrustAgent = 0;
|
|
PreferenceGroup securityCategory = (PreferenceGroup)
|
|
@@ -626,6 +644,10 @@ public void onResume() {
|
|
}
|
|
|
|
mLocationcontroller.updateSummary();
|
|
+
|
|
+ if (mDenyNewUsb != null) {
|
|
+ mDenyNewUsb.setValue(SystemProperties.get(DENY_NEW_USB_PERSIST_PROP, "disabled"));
|
|
+ }
|
|
}
|
|
|
|
private void updateUnificationPreference() {
|
|
@@ -812,6 +834,13 @@ public boolean onPreferenceChange(Preference preference, Object value) {
|
|
Settings.System.putInt(getContentResolver(), Settings.System.TEXT_SHOW_PASSWORD,
|
|
((Boolean) value) ? 1 : 0);
|
|
lockPatternUtils.setVisiblePasswordEnabled((Boolean) value, MY_USER_ID);
|
|
+ } else if (KEY_DENY_NEW_USB.equals(key)) {
|
|
+ String mode = (String) value;
|
|
+ SystemProperties.set(DENY_NEW_USB_PERSIST_PROP, mode);
|
|
+ // The dynamic mode defaults to the disabled state
|
|
+ if (mode.equals("dynamic")) {
|
|
+ SystemProperties.set(DENY_NEW_USB_PROP, "0");
|
|
+ }
|
|
}
|
|
return result;
|
|
}
|