Add package name for ArcUsbHost mojom interface.

Since Chrome side never knows the identifier of requesting Android package, pass the package name to Chrome side so that Chrome side can respond correctly. Bug: 776476 Bug: b:24572867 Change-Id: I14d29245d43d91bb43d83df0cfae23809d1bfd02 Reviewed-on: https://chromium-review.googlesource.com/954402Reviewed-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Luis Hector Chavez <lhchavez@chromium.org> Commit-Queue: Long Cheng <lgcheng@google.com> Cr-Commit-Position: refs/heads/master@{#543412}

Add package name for ArcUsbHost mojom interface.
Since Chrome side never knows the identifier of requesting Android package, pass the package name to Chrome side so that Chrome side can respond correctly. Bug: 776476 Bug: b:24572867 Change-Id: I14d29245d43d91bb43d83df0cfae23809d1bfd02 Reviewed-on: https://chromium-review.googlesource.com/954402Reviewed-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Luis Hector Chavez <lhchavez@chromium.org> Commit-Queue: Long Cheng <lgcheng@google.com> Cr-Commit-Position: refs/heads/master@{#543412}
81e42d0d · lgcheng · Commit Bot · 7569414b · 81e42d0d · 81e42d0d
Commit 81e42d0d authored Mar 15, 2018 by lgcheng Committed by Commit Bot Mar 15, 2018
3 changed files
--- a/components/arc/common/usb_host.mojom
+++ b/components/arc/common/usb_host.mojom
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

-// Next MinVersion: 1
+// Next MinVersion: 2
 module arc.mojom;

 // re-use device.mojom.UsbDeviceInfo
@@ -10,11 +10,14 @@ import "device/usb/public/mojom/device.mojom";

 // Next method ID: 3
 interface UsbHostHost {
-  // Tries the open the USB device node for the device named 'guid'
-  // and returns an open file descriptor to this node.
-  // You need to have previously called RequestPermission for this 'guid'
-  // else this call will fail.
-  OpenDevice@0(string guid) => (handle usb_fd);
+  // Tries to open the USB device node for the device named 'guid' for caller
+  // 'pkg_name' and returns an open file descriptor to this node. 'pkg_name'
+  // needs to have previously called RequestPermission for this 'guid' else this
+  // call will fail. Note the 'pkg_name' is informational purposes only, there
+  // is no effective way that host can restrict access to only a specific
+  // package at the security boundary formed by this Mojo interface.
+  OpenDevice@0(string guid,
+               [Minversion=1] string? pkg_name) => (handle usb_fd);

  // Returns the USB device descriptors for the device named 'guid'.
  GetDeviceInfo@1(string guid) => (string device_name,

--- a/components/arc/usb/usb_host_bridge.cc
+++ b/components/arc/usb/usb_host_bridge.cc
@@ -120,14 +120,14 @@ void ArcUsbHostBridge::RequestPermission(const std::string& guid,
                                         RequestPermissionCallback callback) {
  VLOG(2) << "USB RequestPermission " << guid << " package " << package;
  // Permission already requested.
-  if (HasPermissionForDevice(guid)) {
+  if (HasPermissionForDevice(guid, package)) {
    std::move(callback).Run(true);
    return;
  }

  // The other side was just checking, fail without asking the user.
  if (!interactive) {
-    std::move(callback).Run(false);
+    std::move(callback).Run(HasPermissionForDevice(guid, package));
    return;
  }

@@ -136,8 +136,9 @@ void ArcUsbHostBridge::RequestPermission(const std::string& guid,
 }

 void ArcUsbHostBridge::OpenDevice(const std::string& guid,
+                                  const base::Optional<std::string>& package,
                                  OpenDeviceCallback callback) {
-  if (!usb_service_) {
+  if (!usb_service_ || !package) {
    std::move(callback).Run(mojo::ScopedHandle());
    return;
  }
@@ -150,7 +151,7 @@ void ArcUsbHostBridge::OpenDevice(const std::string& guid,
  }

  // The RequestPermission was never done, abort.
-  if (!HasPermissionForDevice(guid)) {
+  if (!HasPermissionForDevice(guid, package.value())) {
    std::move(callback).Run(mojo::ScopedHandle());
    return;
  }
@@ -297,10 +298,23 @@ void ArcUsbHostBridge::DoRequestUserAuthorization(
      std::move(callback));
 }

-bool ArcUsbHostBridge::HasPermissionForDevice(const std::string& guid) {
-  // TODO(lgcheng): implement permission settings
-  // fail close for now
-  return false;
+bool ArcUsbHostBridge::HasPermissionForDevice(const std::string& guid,
+                                              const std::string& package) {
+  if (!ui_delegate_)
+    return false;
+
+  if (!usb_service_)
+    return false;
+
+  scoped_refptr<device::UsbDevice> device = usb_service_->GetDevice(guid);
+  if (!device.get()) {
+    LOG(WARNING) << "Unknown USB device " << guid;
+    return false;
+  }
+
+  return ui_delegate_->HasUsbAccessPermission(
+      package, guid, device->serial_number(), device->vendor_id(),
+      device->product_id());
 }

 }  // namespace arc
--- a/components/arc/usb/usb_host_bridge.h
+++ b/components/arc/usb/usb_host_bridge.h
@@ -54,6 +54,7 @@ class ArcUsbHostBridge : public KeyedService,
                         bool interactive,
                         RequestPermissionCallback callback) override;
  void OpenDevice(const std::string& guid,
+                  const base::Optional<std::string>& package,
                  OpenDeviceCallback callback) override;
  void GetDeviceInfo(const std::string& guid,
                     GetDeviceInfoCallback callback) override;
@@ -77,7 +78,8 @@ class ArcUsbHostBridge : public KeyedService,
  void DoRequestUserAuthorization(const std::string& guid,
                                  const std::string& package,
                                  RequestPermissionCallback callback);
-  bool HasPermissionForDevice(const std::string& guid);
+  bool HasPermissionForDevice(const std::string& guid,
+                              const std::string& package);

  ArcBridgeService* const arc_bridge_service_;  // Owned by ArcServiceManager.
  mojom::UsbHostHostPtr usb_host_ptr_;