diff options
author | Ruchi Kandoi <kandoiruchi@google.com> | 2019-03-18 09:26:32 -0700 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2019-03-18 09:26:32 -0700 |
commit | f020365f9a96a97ef9552e4a885fb1e99e4f1b06 (patch) | |
tree | c1e47e75534680ea746e2bd5dad81c936b211fa1 | |
parent | 957011da50d45bc42ba5d146e1ea49dc7717caad (diff) | |
parent | 08669ef15cdba86d36b69f4e4a9bdc4b071dd9a4 (diff) | |
download | SecureElement-f020365f9a96a97ef9552e4a885fb1e99e4f1b06.tar.gz |
Prevent Crashes due to Carrier Privilege Rules
am: 08669ef15c
Change-Id: I685d17ec5f6bd2d0eec6c7953d12c79d4edab0a7
-rw-r--r-- | src/com/android/se/security/AccessRuleCache.java | 8 | ||||
-rw-r--r-- | src/com/android/se/security/gpac/AID_REF_DO.java | 12 | ||||
-rwxr-xr-x | src/com/android/se/security/gpac/REF_AR_DO.java | 6 | ||||
-rw-r--r-- | src/com/android/se/security/gpac/REF_DO.java | 10 |
4 files changed, 36 insertions, 0 deletions
diff --git a/src/com/android/se/security/AccessRuleCache.java b/src/com/android/se/security/AccessRuleCache.java index 8461c49..8a74465 100644 --- a/src/com/android/se/security/AccessRuleCache.java +++ b/src/com/android/se/security/AccessRuleCache.java @@ -135,12 +135,20 @@ public class AccessRuleCache { /** Adds the Rule to the Cache */ public void putWithMerge(REF_DO refDo, AR_DO arDo) { + if (refDo.isCarrierPrivilegeRefDo()) { + // Ignore Carrier Privilege Rules + return; + } ChannelAccess channelAccess = mapArDo2ChannelAccess(arDo); putWithMerge(refDo, channelAccess); } /** Adds the Rule to the Cache */ public void putWithMerge(REF_DO refDo, ChannelAccess channelAccess) { + if (refDo.isCarrierPrivilegeRefDo()) { + // Ignore Carrier Privilege Rules + return; + } if (mRuleCache.containsKey(refDo)) { ChannelAccess ca = mRuleCache.get(refDo); diff --git a/src/com/android/se/security/gpac/AID_REF_DO.java b/src/com/android/se/security/gpac/AID_REF_DO.java index d218beb..70bddfb 100644 --- a/src/com/android/se/security/gpac/AID_REF_DO.java +++ b/src/com/android/se/security/gpac/AID_REF_DO.java @@ -49,6 +49,8 @@ public class AID_REF_DO extends BerTlv { public static final int TAG = 0x4F; public static final int TAG_DEFAULT_APPLICATION = 0xC0; + private static final byte[] CARRIER_PRIVILEGE_AID = {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; private byte[] mAid = new byte[0]; public AID_REF_DO(byte[] rawData, int tag, int valueIndex, int valueLength) { @@ -178,4 +180,14 @@ public class AID_REF_DO extends BerTlv { } return false; } + + /** Checks if the AID_REF_DO is a Carrier Privilege rule */ + public boolean isCarrierPrivilege() { + return Arrays.equals(mAid, CARRIER_PRIVILEGE_AID); + } + + /** Creates a Carrier Privilege AID_REF_DO */ + public static AID_REF_DO createCarrierPrivilegeAid() { + return new AID_REF_DO(AID_REF_DO.TAG, CARRIER_PRIVILEGE_AID); + } } diff --git a/src/com/android/se/security/gpac/REF_AR_DO.java b/src/com/android/se/security/gpac/REF_AR_DO.java index fd4231c..6111cf2 100755 --- a/src/com/android/se/security/gpac/REF_AR_DO.java +++ b/src/com/android/se/security/gpac/REF_AR_DO.java @@ -111,6 +111,12 @@ public class REF_AR_DO extends BerTlv { index = temp.getValueIndex() + temp.getValueLength(); } while (getValueIndex() + getValueLength() > index); + // check for Carrier Privilege rules + if (mRefDo != null && mArDo == null && mRefDo.getAidDo() != null + && mRefDo.getAidDo().isCarrierPrivilege()) { + return; + } + // check for mandatory TLVs. if (mRefDo == null) { throw new ParserException("Missing Ref-DO in REF-AR-DO!"); diff --git a/src/com/android/se/security/gpac/REF_DO.java b/src/com/android/se/security/gpac/REF_DO.java index fd73e0d..7ccf547 100644 --- a/src/com/android/se/security/gpac/REF_DO.java +++ b/src/com/android/se/security/gpac/REF_DO.java @@ -121,6 +121,12 @@ public class REF_DO extends BerTlv { index = temp.getValueIndex() + temp.getValueLength(); } while (getValueIndex() + getValueLength() > index); + // A rule without AID is a Carrier Privilege Rule. + // Enforces the AID to be the Carrier Privilege AID to avoid a null AID. + if (mAidDo == null && mHashDo != null) { + mAidDo = AID_REF_DO.createCarrierPrivilegeAid(); + } + // check if there is a AID-REF-DO if (mAidDo == null) { throw new ParserException("Missing AID-REF-DO in REF-DO!"); @@ -179,4 +185,8 @@ public class REF_DO extends BerTlv { // int hash = data.hashCode(); return hash; } + + public boolean isCarrierPrivilegeRefDo() { + return (mAidDo != null && mAidDo.isCarrierPrivilege()); + } } |