Prevent Crashes due to Carrier Privilege Rules

am: 08669ef15c Change-Id: I685d17ec5f6bd2d0eec6c7953d12c79d4edab0a7
author: Ruchi Kandoi <kandoiruchi@google.com> 2019-03-18 09:26:32 -0700
committer: android-build-merger <android-build-merger@google.com> 2019-03-18 09:26:32 -0700
commit: f020365f9a96a97ef9552e4a885fb1e99e4f1b06 (patch)
tree: c1e47e75534680ea746e2bd5dad81c936b211fa1
parent: 957011da50d45bc42ba5d146e1ea49dc7717caad (diff)
parent: 08669ef15cdba86d36b69f4e4a9bdc4b071dd9a4 (diff)
download: SecureElement-f020365f9a96a97ef9552e4a885fb1e99e4f1b06.tar.gz
4 files changed, 36 insertions, 0 deletions
diff --git a/src/com/android/se/security/AccessRuleCache.java b/src/com/android/se/security/AccessRuleCache.java
index 8461c49..8a74465 100644
--- a/src/com/android/se/security/AccessRuleCache.java
+++ b/src/com/android/se/security/AccessRuleCache.java
@@ -135,12 +135,20 @@ public class AccessRuleCache {
 
     /** Adds the Rule to the Cache */
     public void putWithMerge(REF_DO refDo, AR_DO arDo) {
+        if (refDo.isCarrierPrivilegeRefDo()) {
+            // Ignore Carrier Privilege Rules
+            return;
+        }
         ChannelAccess channelAccess = mapArDo2ChannelAccess(arDo);
         putWithMerge(refDo, channelAccess);
     }
 
     /** Adds the Rule to the Cache */
     public void putWithMerge(REF_DO refDo, ChannelAccess channelAccess) {
+        if (refDo.isCarrierPrivilegeRefDo()) {
+            // Ignore Carrier Privilege Rules
+            return;
+        }
         if (mRuleCache.containsKey(refDo)) {
             ChannelAccess ca = mRuleCache.get(refDo);
 
diff --git a/src/com/android/se/security/gpac/AID_REF_DO.java b/src/com/android/se/security/gpac/AID_REF_DO.java
index d218beb..70bddfb 100644
--- a/src/com/android/se/security/gpac/AID_REF_DO.java
+++ b/src/com/android/se/security/gpac/AID_REF_DO.java
@@ -49,6 +49,8 @@ public class AID_REF_DO extends BerTlv {
     public static final int TAG = 0x4F;
     public static final int TAG_DEFAULT_APPLICATION = 0xC0;
 
+    private static final byte[] CARRIER_PRIVILEGE_AID = {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+            (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
     private byte[] mAid = new byte[0];
 
     public AID_REF_DO(byte[] rawData, int tag, int valueIndex, int valueLength) {
@@ -178,4 +180,14 @@ public class AID_REF_DO extends BerTlv {
         }
         return false;
     }
+
+    /** Checks if the AID_REF_DO is a Carrier Privilege rule */
+    public boolean isCarrierPrivilege() {
+        return Arrays.equals(mAid, CARRIER_PRIVILEGE_AID);
+    }
+
+    /** Creates a Carrier Privilege AID_REF_DO */
+    public static AID_REF_DO createCarrierPrivilegeAid() {
+        return new AID_REF_DO(AID_REF_DO.TAG, CARRIER_PRIVILEGE_AID);
+    }
 }
diff --git a/src/com/android/se/security/gpac/REF_AR_DO.java b/src/com/android/se/security/gpac/REF_AR_DO.java
index fd4231c..6111cf2 100755
--- a/src/com/android/se/security/gpac/REF_AR_DO.java
+++ b/src/com/android/se/security/gpac/REF_AR_DO.java
@@ -111,6 +111,12 @@ public class REF_AR_DO extends BerTlv {
             index = temp.getValueIndex() + temp.getValueLength();
         } while (getValueIndex() + getValueLength() > index);
 
+        // check for Carrier Privilege rules
+        if (mRefDo != null && mArDo == null && mRefDo.getAidDo() != null
+                && mRefDo.getAidDo().isCarrierPrivilege()) {
+            return;
+        }
+
         // check for mandatory TLVs.
         if (mRefDo == null) {
             throw new ParserException("Missing Ref-DO in REF-AR-DO!");
diff --git a/src/com/android/se/security/gpac/REF_DO.java b/src/com/android/se/security/gpac/REF_DO.java
index fd73e0d..7ccf547 100644
--- a/src/com/android/se/security/gpac/REF_DO.java
+++ b/src/com/android/se/security/gpac/REF_DO.java
@@ -121,6 +121,12 @@ public class REF_DO extends BerTlv {
             index = temp.getValueIndex() + temp.getValueLength();
         } while (getValueIndex() + getValueLength() > index);
 
+        // A rule without AID is a Carrier Privilege Rule.
+        // Enforces the AID to be the Carrier Privilege AID to avoid a null AID.
+        if (mAidDo == null && mHashDo != null) {
+            mAidDo = AID_REF_DO.createCarrierPrivilegeAid();
+        }
+
         // check if there is a AID-REF-DO
         if (mAidDo == null) {
             throw new ParserException("Missing AID-REF-DO in REF-DO!");
@@ -179,4 +185,8 @@ public class REF_DO extends BerTlv {
         // int hash = data.hashCode();
         return hash;
     }
+
+    public boolean isCarrierPrivilegeRefDo() {
+        return (mAidDo != null && mAidDo.isCarrierPrivilege());
+    }
 }
author	Ruchi Kandoi <kandoiruchi@google.com>	2019-03-18 09:26:32 -0700
committer	android-build-merger <android-build-merger@google.com>	2019-03-18 09:26:32 -0700
commit	f020365f9a96a97ef9552e4a885fb1e99e4f1b06 (patch)
tree	c1e47e75534680ea746e2bd5dad81c936b211fa1
parent	957011da50d45bc42ba5d146e1ea49dc7717caad (diff)
parent	08669ef15cdba86d36b69f4e4a9bdc4b071dd9a4 (diff)
download	SecureElement-f020365f9a96a97ef9552e4a885fb1e99e4f1b06.tar.gz