authorYosuke Iwakura <yosuke.iwakura@sony.com>2019-03-22 12:51:39 -0700
committerandroid-build-merger <android-build-merger@google.com>2019-03-22 12:51:39 -0700
commit00118b6960742386bb80ce62e5bad5c5d09cd62e (patch)
tree1e5ed82f4b7df272c0fc9504fc0125c5745e6cb5
parentc32a36982c23869a218e81558456ca31bd136c26 (diff)
parent3c437ee287416f325800763ae00d73f1fb4083ac (diff)
downloadSecureElement-00118b6960742386bb80ce62e5bad5c5d09cd62e.tar.gz
Differentiate logs output while checking the access rules am: 497ae46f87 am: 89a09c8c0e
am: 3c437ee287 Change-Id: Ic1b937ba852910b3bf7dc9432898002b419384bb
-rw-r--r--src/com/android/se/security/AccessControlEnforcer.java14
-rw-r--r--src/com/android/se/security/AccessRuleCache.java8
-rw-r--r--src/com/android/se/security/ara/AraController.java2
3 files changed, 18 insertions, 6 deletions
diff --git a/src/com/android/se/security/AccessControlEnforcer.java b/src/com/android/se/security/AccessControlEnforcer.java
index 2366ce7..07df7e6 100644
--- a/src/com/android/se/security/AccessControlEnforcer.java
+++ b/src/com/android/se/security/AccessControlEnforcer.java
@@ -46,6 +46,7 @@ import android.util.Log;
import com.android.se.Channel;
import com.android.se.SecureElementService;
import com.android.se.Terminal;
+import com.android.se.internal.ByteArrayConverter;
import com.android.se.security.ChannelAccess.ACCESS;
import com.android.se.security.ara.AraController;
import com.android.se.security.arf.ArfController;
@@ -64,6 +65,7 @@ import java.util.NoSuchElementException;
public class AccessControlEnforcer {
private final String mTag = "SecureElement-AccessControlEnforcer";
+ private static final boolean DEBUG = Build.IS_DEBUGGABLE;
private PackageManager mPackageManager = null;
private boolean mNoRuleFound = false;
private AraController mAraController = null;
@@ -235,7 +237,11 @@ public class AccessControlEnforcer {
}
String reason = ca.getReason();
if (reason.length() == 0) {
- reason = "Command not allowed!";
+ reason = "Unspecified";
+ }
+ if (DEBUG) {
+ Log.i(mTag, "checkCommand() : Access = " + ca.getAccess() + " APDU Access = "
+ + ca.getApduAccess() + " Reason = " + reason);
}
if (ca.getAccess() != ACCESS.ALLOWED) {
throw new AccessControlException(mTag + reason);
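Review bot: The new default `"Unspecified"` is concatenated directly onto `mTag` by the unchanged `throw new AccessControlException(mTag + reason);` below the added block, so a denial with no stated reason reaches the caller as `SecureElement-AccessControlEnforcerUnspecified`. A separator would keep the message readable, e.g. `throw new AccessControlException(mTag + ": " + reason);`, provided no caller or test matches on the current text. The added `Log.i` is also gated on `DEBUG`, so on non-debuggable builds a denied command leaves no log line from this hunk. If the exception is not logged elsewhere, consider logging the denial branch unconditionally, since `Access`, `APDU Access` and the reason carry no secret material. The body of checkCommand() starts and ends outside the hunk.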
@@ -318,6 +324,12 @@ public class AccessControlEnforcer {
public ChannelAccess getAccessRule(
byte[] aid, List<byte []> appCertHashes)
throws AccessControlException {
+ if (DEBUG) {
+ for (byte[] appCertHash : appCertHashes) {
+ Log.i(mTag, "getAccessRule() appCert = "
+ + ByteArrayConverter.byteArrayToHexString(appCertHash));
+ }
+ }
ChannelAccess channelAccess = null;
// if read all is true get rule from cache.
if (mRulesRead) {
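Review bot: The added loop dereferences `appCertHashes` before anything visible in this hunk has checked it, so a null list would throw here on debuggable builds only. The same may apply to a null element, depending on how `ByteArrayConverter.byteArrayToHexString` handles null. If the rest of getAccessRule() tolerates that input, debug and production builds would then diverge in an access-control path. Guarding the block as `if (DEBUG && appCertHashes != null) {` keeps the logging free of side effects. The log line also omits `aid`, so the hashes cannot be correlated with the applet being requested; logging the AID once before the loop would help, with its own null check. The method body continues past the end of the hunk.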
diff --git a/src/com/android/se/security/AccessRuleCache.java b/src/com/android/se/security/AccessRuleCache.java
index e129b9d..2d3763b 100644
--- a/src/com/android/se/security/AccessRuleCache.java
+++ b/src/com/android/se/security/AccessRuleCache.java
@@ -302,7 +302,7 @@ public class AccessRuleCache {
if (mRuleCache.containsKey(ref_do)) {
if (DEBUG) {
- Log.i(mTag, "findAccessRule() " + ref_do.toString() + ", "
+ Log.i(mTag, "findAccessRule() Case A " + ref_do.toString() + ", "
+ mRuleCache.get(ref_do).toString());
}
return mRuleCache.get(ref_do);
@@ -330,7 +330,7 @@ public class AccessRuleCache {
if (mRuleCache.containsKey(ref_do)) {
if (DEBUG) {
- Log.i(mTag, "findAccessRule() " + ref_do.toString() + ", "
+ Log.i(mTag, "findAccessRule() Case B " + ref_do.toString() + ", "
+ mRuleCache.get(ref_do).toString());
}
return mRuleCache.get(ref_do);
@@ -344,7 +344,7 @@ public class AccessRuleCache {
if (mRuleCache.containsKey(ref_do)) {
if (DEBUG) {
- Log.i(mTag, "findAccessRule() " + ref_do.toString() + ", "
+ Log.i(mTag, "findAccessRule() Case C " + ref_do.toString() + ", "
+ mRuleCache.get(ref_do).toString());
}
return mRuleCache.get(ref_do);
@@ -374,7 +374,7 @@ public class AccessRuleCache {
if (mRuleCache.containsKey(ref_do)) {
if (DEBUG) {
- Log.i(mTag, "findAccessRule() " + ref_do.toString() + ", "
+ Log.i(mTag, "findAccessRule() Case D " + ref_do.toString() + ", "
+ mRuleCache.get(ref_do).toString());
}
return mRuleCache.get(ref_do);
diff --git a/src/com/android/se/security/ara/AraController.java b/src/com/android/se/security/ara/AraController.java
index 1e1fee8..bc4ea19 100644
--- a/src/com/android/se/security/ara/AraController.java
+++ b/src/com/android/se/security/ara/AraController.java
@@ -95,7 +95,7 @@ public class AraController {
// set access conditions to access ARA-M.
ChannelAccess araChannelAccess = new ChannelAccess();
- araChannelAccess.setAccess(ChannelAccess.ACCESS.ALLOWED, mTag);
+ araChannelAccess.setAccess(ChannelAccess.ACCESS.ALLOWED, "");
araChannelAccess.setApduAccess(ChannelAccess.ACCESS.ALLOWED);
channel.setChannelAccess(araChannelAccess);