OpenBasicChannel with UICC should not be allowed for non-privilege apps am: 489369c429

Change-Id: I4fce40dfb2180ed5621b2420cbd6086ee2749a49

1 files changed, 11 insertions, 6 deletions

diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java
index 69b8368..fb507e0 100644
--- a/src/com/android/se/Terminal.java
+++ b/src/com/android/se/Terminal.java
@@ -406,7 +406,9 @@ public class Terminal {
                     mName,
                     packageName);
             try {
-                channelAccess = setUpChannelAccess(aid, packageName, pid);
+                // For application without privilege permission or carrier privilege,
+                // openBasicChannel with UICC terminals should be rejected.
+                channelAccess = setUpChannelAccess(aid, packageName, pid, true);
             } catch (MissingResourceException e) {
                 return null;
             }
@@ -493,7 +495,7 @@ public class Terminal {
                     mName,
                     packageName);
             try {
-                channelAccess = setUpChannelAccess(aid, packageName, pid);
+                channelAccess = setUpChannelAccess(aid, packageName, pid, false);
             } catch (MissingResourceException e) {
                 return null;
             }
@@ -699,8 +701,8 @@ public class Terminal {
     /**
      * Initialize the Access Control and set up the channel access.
      */
-    private ChannelAccess setUpChannelAccess(byte[] aid, String packageName, int pid)
-            throws IOException, MissingResourceException {
+    private ChannelAccess setUpChannelAccess(byte[] aid, String packageName, int pid,
+            boolean isBasicChannel) throws IOException, MissingResourceException {
         boolean checkRefreshTag = true;
         if (isPrivilegedApplication(packageName)) {
             return ChannelAccess.getPrivilegeAccess(packageName, pid);
@@ -723,17 +725,20 @@ public class Terminal {
                 if (pm != null) {
                     PackageInfo pkgInfo =
                             pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
-                    if (mAccessControlEnforcer.checkCarrierPrivilege(pkgInfo, checkRefreshTag)) {
+                    // Do not check the refresh tag for carrier privilege
+                    if (mAccessControlEnforcer.checkCarrierPrivilege(pkgInfo, false)) {
                         Log.i(mTag, "setUp PrivilegeAccess for CarrierPrivilegeApplication. ");
                         return ChannelAccess.getCarrierPrivilegeAccess(packageName, pid);
                     }
-                    checkRefreshTag = false;
                 }
             } catch (NameNotFoundException ne) {
                 Log.e(mTag, "checkCarrierPrivilege(): packageInfo is not found. ");
             } catch (Exception e) {
                 Log.e(mTag, "checkCarrierPrivilege() Exception: " + e.getMessage());
             }
+            if (isBasicChannel) {
+                throw new MissingResourceException("openBasicChannel is not allowed.", "", "");
+            }
         }
 
         synchronized (mLock) {