Unblock some operations for privilege applications am: 50f1c9584a am: edcdd54ffa am: 4a7a362a87

Change-Id: I7b75545e13cfe9822b3065e99d98a8d2e41f1d2d

3 files changed, 27 insertions, 4 deletions

diff --git a/src/com/android/se/Channel.java b/src/com/android/se/Channel.java
index b0bc2c4..f9e073e 100644
--- a/src/com/android/se/Channel.java
+++ b/src/com/android/se/Channel.java
@@ -134,7 +134,11 @@ public class Channel implements IBinder.DeathRecipient {
                 throw new SecurityException("MANAGE CHANNEL command not allowed");
             }
             if ((command[1] == (byte) 0xA4) && (command[2] == (byte) 0x04)) {
-                throw new SecurityException("SELECT by DF name command not allowed");
+                // SELECT by DF name is only allowed for CarrierPrivilege applications
+                // or system privilege applications
+                if (ChannelAccess.ACCESS.ALLOWED != mChannelAccess.getPrivilegeAccess()) {
+                    throw new SecurityException("SELECT by DF name command not allowed");
+                }
             }
         }
 
diff --git a/src/com/android/se/SecureElementService.java b/src/com/android/se/SecureElementService.java
index 6f72377..5ca4646 100644
--- a/src/com/android/se/SecureElementService.java
+++ b/src/com/android/se/SecureElementService.java
@@ -263,9 +263,6 @@ public final class SecureElementService extends Service {
                 throw new IllegalStateException("Session is closed");
             } else if (listener == null) {
                 throw new NullPointerException("listener must not be null");
-            } else if (mReader.getTerminal().getName().startsWith(
-                    SecureElementService.UICC_TERMINAL)) {
-                return null;
             } else if ((p2 != 0x00) && (p2 != 0x04) && (p2 != 0x08)
                     && (p2 != (byte) 0x0C)) {
                 throw new UnsupportedOperationException("p2 not supported: "
diff --git a/src/com/android/se/security/ChannelAccess.java b/src/com/android/se/security/ChannelAccess.java
index d75ad15..8070bed 100755
--- a/src/com/android/se/security/ChannelAccess.java
+++ b/src/com/android/se/security/ChannelAccess.java
@@ -47,6 +47,7 @@ public class ChannelAccess {
     private String mReason = "no access by default";
     private ACCESS mNFCEventAccess = ACCESS.UNDEFINED;
     private ApduFilter[] mApduFilter = null;
+    private ACCESS mPrivilegeAccess = ACCESS.UNDEFINED;
 
     /** Clones the ChannelAccess */
     public ChannelAccess clone() {
@@ -140,6 +141,7 @@ public class ChannelAccess {
         ca.setAccess(ACCESS.ALLOWED, "privilege application");
         ca.setApduAccess(ACCESS.ALLOWED);
         ca.setNFCEventAccess(ACCESS.ALLOWED);
+        ca.setPrivilegeAccess(ACCESS.ALLOWED);
 
         return ca;
     }
@@ -151,10 +153,28 @@ public class ChannelAccess {
         ca.setCallingPid(pid);
         ca.setAccess(ACCESS.ALLOWED, "Carrier-Privilege");
         ca.setApduAccess(ACCESS.ALLOWED);
+        ca.setPrivilegeAccess(ACCESS.ALLOWED);
 
         return ca;
     }
 
+    public ACCESS getPrivilegeAccess() {
+        return mPrivilegeAccess;
+    }
+
+    public void setPrivilegeAccess(ACCESS access) {
+        mPrivilegeAccess = access;
+    }
+
+    public void setCarrierPrivilegeAccess(String packageName, int pid) {
+        mPackageName = packageName;
+        mCallingPid = pid;
+        mAccess = ACCESS.ALLOWED;
+        mApduAccess = ACCESS.ALLOWED;
+        mPrivilegeAccess = ACCESS.ALLOWED;
+        mReason = "Carrier-Privilege";
+    }
+
     @Override
     public String toString() {
         StringBuilder sb = new StringBuilder();
@@ -182,6 +202,8 @@ public class ChannelAccess {
         sb.append(mReason);
         sb.append(", mNFCEventAllowed=");
         sb.append(mNFCEventAccess);
+        sb.append(", mPrivilegeAccess=");
+        sb.append(mPrivilegeAccess);
         sb.append("]\n");
 
         return sb.toString();