author | Jack Yu <jackcwyu@google.com> | 2020-04-22 05:25:04 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-04-22 05:25:04 +0000 |
commit | 79c95370132b8c002fc28b10e5a94a44c0c69006 (patch) | |
tree | 854d8d44e396f398e7b223aa2c7c9c18dc72ca15 | |
parent | cbddd0c10e9bcedbb713cddeb421b5792fd8a5e0 (diff) | |
parent | 489369c42922b715d1c1984b33f167beeea94811 (diff) | |
download | SecureElement-79c95370132b8c002fc28b10e5a94a44c0c69006.tar.gz |
OpenBasicChannel with UICC should not be allowed for non-privilege apps am: 489369c429
Change-Id: I4fce40dfb2180ed5621b2420cbd6086ee2749a49
-rw-r--r-- | src/com/android/se/Terminal.java | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java
index 69b8368..fb507e0 100644
--- a/src/com/android/se/Terminal.java
+++ b/src/com/android/se/Terminal.java
@@ -406,7 +406,9 @@ public class Terminal {
 mName, packageName);
 try {
- channelAccess = setUpChannelAccess(aid, packageName, pid);
+ // For application without privilege permission or carrier privilege,
+ // openBasicChannel with UICC terminals should be rejected.
+ channelAccess = setUpChannelAccess(aid, packageName, pid, true);
 } catch (MissingResourceException e) {
 return null;
 }
@@ -493,7 +495,7 @@ public class Terminal {
 mName, packageName);
 try {
- channelAccess = setUpChannelAccess(aid, packageName, pid);
+ channelAccess = setUpChannelAccess(aid, packageName, pid, false);
 } catch (MissingResourceException e) {
 return null;
 }
@@ -699,8 +701,8 @@ public class Terminal {
 /**
 * Initialize the Access Control and set up the channel access.
 */
- private ChannelAccess setUpChannelAccess(byte[] aid, String packageName, int pid)
- throws IOException, MissingResourceException {
+ private ChannelAccess setUpChannelAccess(byte[] aid, String packageName, int pid,
+ boolean isBasicChannel) throws IOException, MissingResourceException {
 boolean checkRefreshTag = true;
 if (isPrivilegedApplication(packageName)) {
 return ChannelAccess.getPrivilegeAccess(packageName, pid);
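Review bot: In the @@ -406 hunk the existing `catch (MissingResourceException e) { return null; }` now also absorbs the new policy refusal, so a caller cannot tell "access rules unavailable" from "basic channel denied to a non-privileged app". setUpChannelAccess(..., true) reports the refusal with the exception type it already declared, and nothing visible at this call site records it. I would at least comment the catch, `// Also reached when a non-privileged, non-carrier app asks for the basic channel.`, and consider whether a refusal should surface as a SecurityException rather than null, if the service's API contract allows that. The enclosing method begins and ends outside the hunk.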
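Review bot: The Javadoc above setUpChannelAccess in the @@ -699 hunk still reads only "Initialize the Access Control and set up the channel access." although the method gained `isBasicChannel` and a new reason to throw. Add `@param isBasicChannel true when the request is for the basic channel; such requests are refused for callers without privileged or carrier-privileged access` and a matching `@throws MissingResourceException` line. The bare `true`/`false` at the two call sites (@@ -406 and @@ -493) would also be easier to read if the explanatory comment lived here, since the rule is enforced in this method rather than at the call. The method body continues outside the hunk.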
@@ -723,17 +725,20 @@ public class Terminal {
 if (pm != null) {
 PackageInfo pkgInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
- if (mAccessControlEnforcer.checkCarrierPrivilege(pkgInfo, checkRefreshTag)) {
+ // Do not check the refresh tag for carrier privilege
+ if (mAccessControlEnforcer.checkCarrierPrivilege(pkgInfo, false)) {
 Log.i(mTag, "setUp PrivilegeAccess for CarrierPrivilegeApplication. ");
 return ChannelAccess.getCarrierPrivilegeAccess(packageName, pid);
 }
- checkRefreshTag = false;
 }
 } catch (NameNotFoundException ne) {
 Log.e(mTag, "checkCarrierPrivilege(): packageInfo is not found. ");
 } catch (Exception e) {
 Log.e(mTag, "checkCarrierPrivilege() Exception: " + e.getMessage());
 }
+ if (isBasicChannel) {
+ throw new MissingResourceException("openBasicChannel is not allowed.", "", "");
+ }
 }
 synchronized (mLock) { |
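Review bot: The refusal added at the end of this hunk throws `new MissingResourceException("openBasicChannel is not allowed.", "", "")` without logging, and the call sites in the earlier hunks turn that exception into `return null`, so a denied request leaves no record of which package asked. A line such as `Log.w(mTag, "openBasicChannel denied for " + packageName);` before the throw would give an audit point, in the same style as the `Log.i` on the carrier-privilege path. Separately, `checkRefreshTag` is no longer reassigned in the visible lines now that `checkRefreshTag = false;` is removed; if code after the hunk still reads it, it is always true and could be declared `final` or inlined. The block enclosing the new `if (isBasicChannel)` opens outside the hunk, so the condition under which the refusal applies cannot be confirmed from here.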