author | android-build-team Robot <android-build-team-robot@google.com> | 2018-03-21 07:21:52 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-03-21 07:21:52 +0000 |
commit | 1fef222667fea74c98bf4a3893330ac3c6fe9e17 (patch) | |
tree | 1b1be2c4ef8c15ba0fac21bbf1ddcd2fab3b299c | |
parent | efead74b8d9d076ab33c5b6f8dfab7a302c0c360 (diff) | |
parent | 026b4bb80c2405db3f5c4017f29e4cb8e5137882 (diff) | |
download | SecureElement-1fef222667fea74c98bf4a3893330ac3c6fe9e17.tar.gz |
Snap for 4667902 from 026b4bb80c2405db3f5c4017f29e4cb8e5137882 to pi-release
Change-Id: I58e551834d628eb510842bd77efbef233f0d12c8
-rw-r--r-- | src/com/android/se/SecureElementService.java | 2 | ||||
-rw-r--r-- | src/com/android/se/Terminal.java | 56 | ||||
-rw-r--r-- | src/com/android/se/security/AccessControlEnforcer.java | 38 | ||||
-rw-r--r-- | src/com/android/se/security/AccessRuleCache.java | 4 | ||||
-rw-r--r-- | src/com/android/se/security/arf/PKCS15/PKCS15Handler.java | 6 | ||||
-rw-r--r-- | src/com/android/se/security/arf/SecureElement.java | 6 |
6 files changed, 58 insertions, 54 deletions
diff --git a/src/com/android/se/SecureElementService.java b/src/com/android/se/SecureElementService.java index 45b0df4..20f0524 100644 --- a/src/com/android/se/SecureElementService.java +++ b/src/com/android/se/SecureElementService.java @@ -91,7 +91,7 @@ public final class SecureElementService extends Service { throw new IllegalArgumentException("package names not specified"); } Terminal terminal = getTerminal(reader); - return terminal.isNfcEventAllowed(getPackageManager(), aid, packageNames, true); + return terminal.isNfcEventAllowed(getPackageManager(), aid, packageNames); } @Override diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java index c1aeb2c..6f48a7e 100644 --- a/src/com/android/se/Terminal.java +++ b/src/com/android/se/Terminal.java @@ -84,7 +84,11 @@ public class Terminal { mAccessControlEnforcer.reset(); } } else { - initializeAccessControl(); + try { + initializeAccessControl(); + } catch (Exception e) { + // ignore + } synchronized (mLock) { mDefaultApplicationSelectedOnBasicChannel = true; } @@ -258,7 +262,7 @@ public class Terminal { Log.w(mTag, "Enable access control on basic channel for " + packageName); ChannelAccess channelAccess; try { - channelAccess = setUpChannelAccess(aid, packageName, true, pid); + channelAccess = setUpChannelAccess(aid, packageName, pid); } catch (MissingResourceException e) { return null; } @@ -346,7 +350,7 @@ public class Terminal { if (packageName != null) { Log.w(mTag, "Enable access control on logical channel for " + packageName); try { - channelAccess = setUpChannelAccess(aid, packageName, true, pid); + channelAccess = setUpChannelAccess(aid, packageName, pid); } catch (MissingResourceException e) { return null; } 
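Review bot: The new `catch (Exception e) { // ignore }` around `initializeAccessControl()` in the `@@ -84` hunk of Terminal.java swallows every failure silently, including the IOException and MissingResourceException that initializeAccessControl now deliberately propagates after discarding the enforcer, so nothing in the log records why the rules were not cached. Deferring to the lazy re-initialization in isNfcEventAllowed and setUpChannelAccess looks intended, but the catch should record the failure and say why it is tolerated: `} catch (Exception e) { Log.w(mTag, "Access control not initialized yet, will retry on first use", e); }`. The enclosing method starts and ends outside the hunk.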
@@ -493,14 +497,19 @@ public class Terminal { /** * Checks if the application is authorized to receive the transaction event. */ - public boolean[] isNfcEventAllowed( - PackageManager packageManager, - byte[] aid, - String[] packageNames, - boolean checkRefreshTag) { + public boolean[] isNfcEventAllowed(PackageManager packageManager, byte[] aid, + String[] packageNames) { + boolean checkRefreshTag = true; if (mAccessControlEnforcer == null) { - Log.e(mTag, "Access Control Enforcer not properly set up"); - initializeAccessControl(); + try { + initializeAccessControl(); + // Just finished to initialize the access control enforcer. + // It is too much to check the refresh tag in this case. + checkRefreshTag = false; + } catch (Exception e) { + Log.i(mTag, "isNfcEventAllowed Exception: " + e.getMessage()); + return null; + } } mAccessControlEnforcer.setPackageManager(packageManager); @@ -530,11 +539,14 @@ public class Terminal { /** * Initialize the Access Control and set up the channel access. */ - private ChannelAccess setUpChannelAccess(byte[] aid, String packageName, - boolean checkRefreshTag, int pid) throws IOException { + private ChannelAccess setUpChannelAccess(byte[] aid, String packageName, int pid) + throws IOException, MissingResourceException { + boolean checkRefreshTag = true; if (mAccessControlEnforcer == null) { - Log.e(mTag, "Access Control Enforcer not properly set up"); initializeAccessControl(); + // Just finished to initialize the access control enforcer. + // It is too much to check the refresh tag in this case. + checkRefreshTag = false; } mAccessControlEnforcer.setPackageManager(mContext.getPackageManager()); 
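Review bot: `isNfcEventAllowed` in the `@@ -493` hunk now returns `null` from a `boolean[]` method when initializeAccessControl fails, and the only caller visible in this diff (SecureElementService, first hunk) passes that value straight through, so every client must now null-check the array; a fail-closed result of `packageNames.length` false entries would keep one answer per package, unless the interface already documents null as a possible result, which cannot be seen from here. The failure is also logged at `Log.i` with only `e.getMessage()` although the removed line logged at error level; a failed enforcer setup deserves `Log.w(mTag, "isNfcEventAllowed: access control initialization failed", e);` so the stack trace is kept. The method body continues outside the hunk.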
@@ -545,9 +557,7 @@ public class Terminal { checkRefreshTag); channelAccess.setCallingPid(pid); return channelAccess; - } catch (IOException e) { - throw e; - } catch (MissingResourceException e) { + } catch (IOException | MissingResourceException e) { throw e; } catch (Exception e) { throw new SecurityException("Exception in setUpChannelAccess()" + e); @@ -558,12 +568,22 @@ public class Terminal { /** * Initializes the Access Control for this Terminal */ - private synchronized void initializeAccessControl() { + private synchronized void initializeAccessControl() throws IOException, + MissingResourceException { synchronized (mLock) { if (mAccessControlEnforcer == null) { mAccessControlEnforcer = new AccessControlEnforcer(this); } - mAccessControlEnforcer.initialize(true); + try { + mAccessControlEnforcer.initialize(); + } catch (IOException | MissingResourceException e) { + // Retrieving access rules failed because of an IO error happened between + // the terminal and the secure element or the lack of a logical channel available. + // It might be a temporary failure, so the terminal shall attempt to cache + // the access rules again later. + mAccessControlEnforcer = null; + throw e; + } } } diff --git a/src/com/android/se/security/AccessControlEnforcer.java b/src/com/android/se/security/AccessControlEnforcer.java index 208ea65..7273cdd 100644 --- a/src/com/android/se/security/AccessControlEnforcer.java +++ b/src/com/android/se/security/AccessControlEnforcer.java @@ -138,7 +138,7 @@ public class AccessControlEnforcer { } /** Initializes the Access Control for the Secure Element */ - public synchronized boolean initialize(boolean loadAtStartup) { + public synchronized void initialize() throws IOException, MissingResourceException { boolean status = true; String denyMsg = ""; // allow access to set up access control for a channel 
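Review bot: Setting `mAccessControlEnforcer = null` on failure in the `@@ -558` hunk opens a window in which a concurrent caller of `isNfcEventAllowed` (previous hunk) has already passed its `mAccessControlEnforcer == null` check outside `mLock` and then dereferences the field, because `initializeAccessControl()` re-runs `initialize()` on an existing enforcer every time it is called and the `@@ -84` path calls it unconditionally. If those paths can run on different threads this is a new NullPointerException, so the readers should take a local copy under `mLock` or the reset path should be documented as requiring no in-flight checks; which threads reach these methods cannot be confirmed from the diff. The Javadoc above the signature also lacks the new checked exception; `@throws IOException if the rules could not be read from the secure element; the enforcer is discarded and re-created on the next call` would capture the retry contract the inline comment describes.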
@@ -166,6 +166,8 @@ public class AccessControlEnforcer { // disable other access methods mUseArf = false; mFullAccess = false; + } catch (IOException | MissingResourceException e) { + throw e; } catch (Exception e) { // ARA cannot be used since we got an exception during initialization mUseAra = false; @@ -212,6 +214,8 @@ public class AccessControlEnforcer { // disable other access methods Log.i(mTag, "ARF rules are used for:" + mTerminal.getName()); mFullAccess = false; + } catch (IOException | MissingResourceException e) { + throw e; } catch (Exception e) { // ARF cannot be used since we got an exception mUseArf = false; @@ -240,7 +244,6 @@ public class AccessControlEnforcer { } mRulesRead = status; - return status; } /** Check if the Channel has permission for the given APDU */ @@ -323,9 +326,7 @@ public class AccessControlEnforcer { updateAccessRuleIfNeed(); } return getAccessRule(aid, appCerts); - } catch (IOException e) { - throw e; - } catch (MissingResourceException e) { + } catch (IOException | MissingResourceException e) { throw e; } catch (Throwable exp) { throw new AccessControlException(exp.getMessage()); @@ -400,10 +401,7 @@ public class AccessControlEnforcer { if (checkRefreshTag) { try { updateAccessRuleIfNeed(); - } catch (IOException e) { - throw new AccessControlException("Access-Control not found in " - + mTerminal.getName()); - } catch (MissingResourceException e) { + } catch (IOException | MissingResourceException e) { throw new AccessControlException("Access-Control not found in " + mTerminal.getName()); } 
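Review bot: The merged catch in the `@@ -400` hunk of AccessControlEnforcer.java still turns an IOException into `AccessControlException("Access-Control not found in ...")`, which is the opposite of the rule the rest of this commit applies (`@@ -438` and `@@ -452` insist transport errors be distinguished from missing rules), and it drops the original exception entirely. If this call site has to stay unchecked, at least keep the cause: `AccessControlException ex = new AccessControlException("Access-Control not found in " + mTerminal.getName()); ex.initCause(e); throw ex;` (if this is java.security.AccessControlException, its String constructor leaves the cause unset so initCause works). The `initialize()` Javadoc in the `@@ -138` hunk also needs `@throws IOException` and `@throws MissingResourceException` now that the method propagates them instead of returning a status. The enclosing methods start outside their hunks.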
@@ -438,13 +436,10 @@ public class AccessControlEnforcer { mAraController.initialize(); mUseArf = false; mFullAccess = false; - } catch (IOException e) { - // There was a communication error between the terminal and the SE. - // IOError shall be notified to the client application in this case. - throw e; - } catch (MissingResourceException e) { - // Failure in retrieving rules due to the lack of a new logical channel - // (and only this failure) should not result in a security exception. + } catch (IOException | MissingResourceException e) { + // There was a communication error between the terminal and the secure element + // or failure in retrieving rules due to the lack of a new logical channel. + // These errors must be distinguished from other ones. throw e; } catch (Exception e) { throw new AccessControlException("No ARA applet found in " + mTerminal.getName()); @@ -452,13 +447,10 @@ public class AccessControlEnforcer { } else if (mUseArf && mArfController != null) { try { mArfController.initialize(); - } catch (IOException e) { - // There was a communication error between the terminal and the SE. - // IOError shall be notified to the client application in this case. - throw e; - } catch (MissingResourceException e) { - // Failure in retrieving rules due to the lack of a new logical channel - // (and only this failure) should not result in a security exception. + } catch (IOException | MissingResourceException e) { + // There was a communication error between the terminal and the secure element + // or failure in retrieving rules due to the lack of a new logical channel. + // These errors must be distinguished from other ones. throw e; } catch (Exception e) { Log.e(mTag, e.getMessage()); diff --git a/src/com/android/se/security/AccessRuleCache.java b/src/com/android/se/security/AccessRuleCache.java index 86a5a78..1a4f2eb 100644 --- a/src/com/android/se/security/AccessRuleCache.java +++ b/src/com/android/se/security/AccessRuleCache.java 
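Review bot: The comment `// These errors must be distinguished from other ones.` in the `@@ -438` and `@@ -452` hunks says that a distinction exists but not what it is for, whereas the text it replaces at least explained the MissingResourceException case. Since Terminal.initializeAccessControl drops the enforcer on exactly these two exceptions and retries later, spell that out: `// Transport errors and "no logical channel available" are treated as transient: propagate them so the Terminal discards this enforcer and retries later, instead of reporting a missing ARA/ARF rule set.` The surrounding method starts and ends outside the hunks.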
@@ -273,7 +273,7 @@ public class AccessRuleCache { // let's take care about the undefined rules, according to the GP specification: ChannelAccess ca = mRuleCache.get(ref_do); if (ca.getApduAccess() == ChannelAccess.ACCESS.UNDEFINED) { - ca.setApduAccess(ChannelAccess.ACCESS.ALLOWED); + ca.setApduAccess(ChannelAccess.ACCESS.DENIED); } if ((ca.getNFCEventAccess() == ChannelAccess.ACCESS.UNDEFINED) && (ca.getApduAccess() != ChannelAccess.ACCESS.UNDEFINED)) { @@ -328,7 +328,7 @@ public class AccessRuleCache { // let's take care about the undefined rules, according to the GP specification: ChannelAccess ca = mRuleCache.get(ref_do); if (ca.getApduAccess() == ChannelAccess.ACCESS.UNDEFINED) { - ca.setApduAccess(ChannelAccess.ACCESS.ALLOWED); + ca.setApduAccess(ChannelAccess.ACCESS.DENIED); } if ((ca.getNFCEventAccess() == ChannelAccess.ACCESS.UNDEFINED) && (ca.getApduAccess() != ChannelAccess.ACCESS.UNDEFINED)) { diff --git a/src/com/android/se/security/arf/PKCS15/PKCS15Handler.java b/src/com/android/se/security/arf/PKCS15/PKCS15Handler.java index c8e1aad..a7c216d 100644 --- a/src/com/android/se/security/arf/PKCS15/PKCS15Handler.java +++ b/src/com/android/se/security/arf/PKCS15/PKCS15Handler.java @@ -252,11 +252,7 @@ public class PKCS15Handler { try { initACEntryPoint(); return updateACRules(); - } catch (IOException e) { - throw e; - } catch (MissingResourceException e) { - throw e; - } catch (NoSuchElementException e) { + } catch (IOException | MissingResourceException | NoSuchElementException e) { throw e; } catch (Exception e) { Log.e(mTag, mSELabel + " rules not correctly initialized! " + e.getLocalizedMessage()); diff --git a/src/com/android/se/security/arf/SecureElement.java b/src/com/android/se/security/arf/SecureElement.java index f3accc0..2905913 100644 --- a/src/com/android/se/security/arf/SecureElement.java +++ b/src/com/android/se/security/arf/SecureElement.java 
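Review bot: The default for an UNDEFINED APDU access flips from ALLOWED to DENIED in both the `@@ -273` and `@@ -328` hunks of AccessRuleCache.java, yet the unchanged comment `// let's take care about the undefined rules, according to the GP specification:` justified the old value exactly as it now justifies the new one, so the fail-closed rationale should be written down next to the assignment: `// An access rule without an APDU permission defaults to DENIED (fail closed); see GP SEAC section <clause>.` with the clause filled in. The two copies of this defaulting logic are, as this very change shows, one edit away from diverging; a single private helper applied at both sites would make the default impossible to miss. The enclosing methods start and end outside the hunks.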
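Review bot: The new multi-catch `catch (IOException | MissingResourceException | NoSuchElementException e) { throw e; }` in PKCS15Handler.java (`@@ -252`) and again in SecureElement.java (`@@ -109`) exists only to keep these three types out of the generic `catch (Exception e)` below, but unlike the matching hunks in AccessControlEnforcer.java it carries no comment, so a later cleanup could fold it into the generic handler and silently convert transport failures into logged-and-ignored errors. A one-line comment on both, `// Let IOException, MissingResourceException and NoSuchElementException propagate unchanged; only unexpected errors fall through to the generic handler below.`, would prevent that. The enclosing methods start outside the hunks.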
@@ -109,11 +109,7 @@ public class SecureElement { } setUpChannelAccess(mArfChannel); return mArfChannel; - } catch (IOException e) { - throw e; - } catch (MissingResourceException e) { - throw e; - } catch (NoSuchElementException e) { + } catch (IOException | MissingResourceException | NoSuchElementException e) { throw e; } catch (Exception e) { Log.e(mTag, "Error opening logical channel " + e.getLocalizedMessage()); |