author | Yosuke Iwakura <yosuke.iwakura@sony.com> | 2019-03-22 12:51:39 -0700 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2019-03-22 12:51:39 -0700 |
commit | 00118b6960742386bb80ce62e5bad5c5d09cd62e (patch) | |
tree | 1e5ed82f4b7df272c0fc9504fc0125c5745e6cb5 | |
parent | c32a36982c23869a218e81558456ca31bd136c26 (diff) | |
parent | 3c437ee287416f325800763ae00d73f1fb4083ac (diff) | |
download | SecureElement-00118b6960742386bb80ce62e5bad5c5d09cd62e.tar.gz |
Differentiate logs output while checking the access rules am: 497ae46f87 am: 89a09c8c0e
am: 3c437ee287
Change-Id: Ic1b937ba852910b3bf7dc9432898002b419384bb
-rw-r--r-- | src/com/android/se/security/AccessControlEnforcer.java | 14 | ||||
-rw-r--r-- | src/com/android/se/security/AccessRuleCache.java | 8 | ||||
-rw-r--r-- | src/com/android/se/security/ara/AraController.java | 2 |
3 files changed, 18 insertions, 6 deletions
diff --git a/src/com/android/se/security/AccessControlEnforcer.java b/src/com/android/se/security/AccessControlEnforcer.java
index 2366ce7..07df7e6 100644
--- a/src/com/android/se/security/AccessControlEnforcer.java
+++ b/src/com/android/se/security/AccessControlEnforcer.java
@@ -46,6 +46,7 @@ import android.util.Log;
 import com.android.se.Channel;
 import com.android.se.SecureElementService;
 import com.android.se.Terminal;
+import com.android.se.internal.ByteArrayConverter;
 import com.android.se.security.ChannelAccess.ACCESS;
 import com.android.se.security.ara.AraController;
 import com.android.se.security.arf.ArfController;
@@ -64,6 +65,7 @@ import java.util.NoSuchElementException;
 public class AccessControlEnforcer {
 private final String mTag = "SecureElement-AccessControlEnforcer";
+ private static final boolean DEBUG = Build.IS_DEBUGGABLE;
 private PackageManager mPackageManager = null;
 private boolean mNoRuleFound = false;
 private AraController mAraController = null;
@@ -235,7 +237,11 @@ public class AccessControlEnforcer {
 }
 String reason = ca.getReason();
 if (reason.length() == 0) {
- reason = "Command not allowed!";
+ reason = "Unspecified";
+ }
+ if (DEBUG) {
+ Log.i(mTag, "checkCommand() : Access = " + ca.getAccess() + " APDU Access = " + + ca.getApduAccess() + " Reason = " + reason);
 }
 if (ca.getAccess() != ACCESS.ALLOWED) {
 throw new AccessControlException(mTag + reason);
@@ -318,6 +324,12 @@ public class AccessControlEnforcer {
 public ChannelAccess getAccessRule(
 byte[] aid, List<byte []> appCertHashes) throws AccessControlException {
+ if (DEBUG) {
+ for (byte[] appCertHash : appCertHashes) {
+ Log.i(mTag, "getAccessRule() appCert = " + + ByteArrayConverter.byteArrayToHexString(appCertHash));
+ }
+ }
 ChannelAccess channelAccess = null;
 // if read all is true get rule from cache.
 if (mRulesRead) {
diff --git a/src/com/android/se/security/AccessRuleCache.java b/src/com/android/se/security/AccessRuleCache.java
index e129b9d..2d3763b 100644
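Review bot: In the checkCommand() hunk (`@@ -235,7 +237,11 @@`), the unchanged `throw new AccessControlException(mTag + reason);` now yields a message such as `SecureElement-AccessControlEnforcerUnspecified` when no reason is set, because the new default no longer says the command was denied and the tag is concatenated without a separator. The added log line is emitted only when `DEBUG` is true, so on non-debuggable builds that exception text is the only record of a denial and should stay self-explanatory, for example `throw new AccessControlException(mTag + ": command not allowed, reason = " + reason);`. The method starts and ends outside the hunk, so whether any caller matches on the old message text cannot be checked from here.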
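Review bot: In the getAccessRule() hunk (`@@ -318,6 +324,12 @@`), the added `for (byte[] appCertHash : appCertHashes)` loop dereferences `appCertHashes` as the first statement of the method, and no null check is visible in the hunk. If a caller can pass null, which the lines shown do not settle, a debuggable build would throw a NullPointerException here while a non-debuggable build takes the original path, so the two build types would diverge on the same input. Guarding the block as `if (DEBUG && appCertHashes != null) {` keeps the diagnostic from changing behaviour. The method body continues outside the hunk.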
--- a/src/com/android/se/security/AccessRuleCache.java
+++ b/src/com/android/se/security/AccessRuleCache.java
@@ -302,7 +302,7 @@ public class AccessRuleCache {
 if (mRuleCache.containsKey(ref_do)) {
 if (DEBUG) {
- Log.i(mTag, "findAccessRule() " + ref_do.toString() + ", "
+ Log.i(mTag, "findAccessRule() Case A " + ref_do.toString() + ", "
 + mRuleCache.get(ref_do).toString());
 }
 return mRuleCache.get(ref_do);
@@ -330,7 +330,7 @@ public class AccessRuleCache {
 if (mRuleCache.containsKey(ref_do)) {
 if (DEBUG) {
- Log.i(mTag, "findAccessRule() " + ref_do.toString() + ", "
+ Log.i(mTag, "findAccessRule() Case B " + ref_do.toString() + ", "
 + mRuleCache.get(ref_do).toString());
 }
 return mRuleCache.get(ref_do);
@@ -344,7 +344,7 @@ public class AccessRuleCache {
 if (mRuleCache.containsKey(ref_do)) {
 if (DEBUG) {
- Log.i(mTag, "findAccessRule() " + ref_do.toString() + ", "
+ Log.i(mTag, "findAccessRule() Case C " + ref_do.toString() + ", "
 + mRuleCache.get(ref_do).toString());
 }
 return mRuleCache.get(ref_do);
@@ -374,7 +374,7 @@ public class AccessRuleCache {
 if (mRuleCache.containsKey(ref_do)) {
 if (DEBUG) {
- Log.i(mTag, "findAccessRule() " + ref_do.toString() + ", "
+ Log.i(mTag, "findAccessRule() Case D " + ref_do.toString() + ", "
 + mRuleCache.get(ref_do).toString());
 }
 return mRuleCache.get(ref_do);
diff --git a/src/com/android/se/security/ara/AraController.java b/src/com/android/se/security/ara/AraController.java
index 1e1fee8..bc4ea19 100644
--- a/src/com/android/se/security/ara/AraController.java
+++ b/src/com/android/se/security/ara/AraController.java
@@ -95,7 +95,7 @@ public class AraController {
 // set access conditions to access ARA-M.
 ChannelAccess araChannelAccess = new ChannelAccess();
- araChannelAccess.setAccess(ChannelAccess.ACCESS.ALLOWED, mTag);
+ araChannelAccess.setAccess(ChannelAccess.ACCESS.ALLOWED, "");
 araChannelAccess.setApduAccess(ChannelAccess.ACCESS.ALLOWED);
 channel.setChannelAccess(araChannelAccess); |
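Review bot: In the four findAccessRule() hunks of AccessRuleCache.java (Case A through Case D), the relabelled log lines keep the explicit `.toString()` calls, so `mRuleCache.get(ref_do).toString()` would throw inside the `DEBUG` branch if the map ever held a null value for a present key; whether that can happen is not visible here. String concatenation already converts its operands, so `Log.i(mTag, "findAccessRule() Case A " + ref_do + ", " + mRuleCache.get(ref_do));` logs the same text without that risk. The letters A to D are not explained in the visible lines, so a one-line comment at each branch naming the rule-matching case it covers would make the log output interpretable. findAccessRule() starts and ends outside these hunks.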