diff options
author | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-01-18 02:21:05 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-01-18 02:21:05 +0000 |
commit | 4a7a362a879d6bb3fa6e3f4cf95889c3f41cea3f (patch) | |
tree | c5b9187bc068185597bd810be925ff7025b5ef4b | |
parent | ad7ee467d57d28c5e852efc0850fc0c106fb0e5a (diff) | |
parent | edcdd54ffa398bc7a93bb39424c5f0a60d6c6206 (diff) | |
download | SecureElement-4a7a362a879d6bb3fa6e3f4cf95889c3f41cea3f.tar.gz |
Unblock some operations for privilege applications am: 50f1c9584a am: edcdd54ffa
Change-Id: I6ac56d6ab996301848f2f7727d14b868057fbacb
-rw-r--r-- | src/com/android/se/Channel.java | 6 | ||||
-rw-r--r-- | src/com/android/se/SecureElementService.java | 3 | ||||
-rwxr-xr-x | src/com/android/se/security/ChannelAccess.java | 22 |
3 files changed, 27 insertions, 4 deletions
diff --git a/src/com/android/se/Channel.java b/src/com/android/se/Channel.java index b0bc2c4..f9e073e 100644 --- a/src/com/android/se/Channel.java +++ b/src/com/android/se/Channel.java @@ -134,7 +134,11 @@ public class Channel implements IBinder.DeathRecipient { throw new SecurityException("MANAGE CHANNEL command not allowed"); } if ((command[1] == (byte) 0xA4) && (command[2] == (byte) 0x04)) { - throw new SecurityException("SELECT by DF name command not allowed"); + // SELECT by DF name is only allowed for CarrierPrivilege applications + // or system privilege applications + if (ChannelAccess.ACCESS.ALLOWED != mChannelAccess.getPrivilegeAccess()) { + throw new SecurityException("SELECT by DF name command not allowed"); + } } } diff --git a/src/com/android/se/SecureElementService.java b/src/com/android/se/SecureElementService.java index 6f72377..5ca4646 100644 --- a/src/com/android/se/SecureElementService.java +++ b/src/com/android/se/SecureElementService.java @@ -263,9 +263,6 @@ public final class SecureElementService extends Service { throw new IllegalStateException("Session is closed"); } else if (listener == null) { throw new NullPointerException("listener must not be null"); - } else if (mReader.getTerminal().getName().startsWith( - SecureElementService.UICC_TERMINAL)) { - return null; } else if ((p2 != 0x00) && (p2 != 0x04) && (p2 != 0x08) && (p2 != (byte) 0x0C)) { throw new UnsupportedOperationException("p2 not supported: " diff --git a/src/com/android/se/security/ChannelAccess.java b/src/com/android/se/security/ChannelAccess.java index d75ad15..8070bed 100755 --- a/src/com/android/se/security/ChannelAccess.java +++ b/src/com/android/se/security/ChannelAccess.java @@ -47,6 +47,7 @@ public class ChannelAccess { private String mReason = "no access by default"; private ACCESS mNFCEventAccess = ACCESS.UNDEFINED; private ApduFilter[] mApduFilter = null; + private ACCESS mPrivilegeAccess = ACCESS.UNDEFINED; /** Clones the ChannelAccess */ public ChannelAccess clone() { @@ -140,6 +141,7 @@ public class ChannelAccess { ca.setAccess(ACCESS.ALLOWED, "privilege application"); ca.setApduAccess(ACCESS.ALLOWED); ca.setNFCEventAccess(ACCESS.ALLOWED); + ca.setPrivilegeAccess(ACCESS.ALLOWED); return ca; } @@ -151,10 +153,28 @@ public class ChannelAccess { ca.setCallingPid(pid); ca.setAccess(ACCESS.ALLOWED, "Carrier-Privilege"); ca.setApduAccess(ACCESS.ALLOWED); + ca.setPrivilegeAccess(ACCESS.ALLOWED); return ca; } + public ACCESS getPrivilegeAccess() { + return mPrivilegeAccess; + } + + public void setPrivilegeAccess(ACCESS access) { + mPrivilegeAccess = access; + } + + public void setCarrierPrivilegeAccess(String packageName, int pid) { + mPackageName = packageName; + mCallingPid = pid; + mAccess = ACCESS.ALLOWED; + mApduAccess = ACCESS.ALLOWED; + mPrivilegeAccess = ACCESS.ALLOWED; + mReason = "Carrier-Privilege"; + } + @Override public String toString() { StringBuilder sb = new StringBuilder(); @@ -182,6 +202,8 @@ public class ChannelAccess { sb.append(mReason); sb.append(", mNFCEventAllowed="); sb.append(mNFCEventAccess); + sb.append(", mPrivilegeAccess="); + sb.append(mPrivilegeAccess); sb.append("]\n"); return sb.toString(); |