diff options
author | Jack Yu <jackcwyu@google.com> | 2020-06-08 16:05:46 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-06-08 16:05:46 +0000 |
commit | ab8c47531fd35c5af3851373b3b1f150426aaa60 (patch) | |
tree | eb1db0c53464d29ae8890c5150761d63205c60e0 | |
parent | 30407afa87f72c3f25c6d4dae76f391a76ac2a56 (diff) | |
parent | 69dbe6f5de0429289fce35841c2b394ea25a26bb (diff) | |
download | SecureElement-ab8c47531fd35c5af3851373b3b1f150426aaa60.tar.gz |
Deny the operation to select ISD-R aid am: 69dbe6f5de
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/SecureElement/+/11786959
Change-Id: Ibe80571215c26b9c515f4a57222d8fd4d6ce3377
-rw-r--r-- | src/com/android/se/Terminal.java | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java index fb507e0..080f337 100644 --- a/src/com/android/se/Terminal.java +++ b/src/com/android/se/Terminal.java @@ -51,6 +51,7 @@ import com.android.se.security.ChannelAccess; import java.io.IOException; import java.io.PrintWriter; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collection; import java.util.HashMap; import java.util.Map; @@ -84,6 +85,26 @@ public class Terminal { private static final String SECURE_ELEMENT_PRIVILEGED_OPERATION_PERMISSION = "android.permission.SECURE_ELEMENT_PRIVILEGED_OPERATION"; + public static final byte[] ISD_R_AID = + new byte[]{ + (byte) 0xA0, + (byte) 0x00, + (byte) 0x00, + (byte) 0x05, + (byte) 0x59, + (byte) 0x10, + (byte) 0x10, + (byte) 0xFF, + (byte) 0xFF, + (byte) 0xFF, + (byte) 0xFF, + (byte) 0x89, + (byte) 0x00, + (byte) 0x00, + (byte) 0x01, + (byte) 0x00, + }; + private ISecureElementHalCallback.Stub mHalCallback = new ISecureElementHalCallback.Stub() { @Override public void onStateChange(boolean state) { @@ -719,7 +740,9 @@ public class Terminal { } mAccessControlEnforcer.setPackageManager(mContext.getPackageManager()); - if (getName().startsWith(SecureElementService.UICC_TERMINAL)) { + // Check carrier privilege when AID is not ISD-R + if (getName().startsWith(SecureElementService.UICC_TERMINAL) + && !Arrays.equals(aid, ISD_R_AID)) { try { PackageManager pm = mContext.getPackageManager(); if (pm != null) { |