authorGanesh Deva <ganesh.deva_1@nxp.com>2020-07-22 19:22:02 +0530
committernxf24591 <nanjesh.s_1@nxp.com>2020-09-08 17:44:08 +0530
commit16b953a585b2e6f24565d40ba1dd88f3112f21a3 (patch)
tree6f244e662edea6646d641ba928ec90b0a16ab661
parent43d7b77df86bc370f74b8fc6ea4f9d8df29bfc79 (diff)
Deny the operation to select ISD-R aid
Do not grant carrier-privileged apps direct access to select the ISD-R AID. Fall back to GP rules checking.
-rwxr-xr-xsrc/com/android/se/Terminal.java25
1 files changed, 24 insertions, 1 deletions
diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java
index d86a52d..a6a074b 100755
--- a/src/com/android/se/Terminal.java
+++ b/src/com/android/se/Terminal.java
@@ -72,6 +72,7 @@ import com.android.se.security.ChannelAccess;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
@@ -142,6 +143,26 @@ public class Terminal {
private static final String SECURE_ELEMENT_PRIVILEGED_OPERATION_PERMISSION =
"android.permission.SECURE_ELEMENT_PRIVILEGED_OPERATION";
+ public static final byte[] ISD_R_AID =
+ new byte[]{
+ (byte) 0xA0,
+ (byte) 0x00,
+ (byte) 0x00,
+ (byte) 0x05,
+ (byte) 0x59,
+ (byte) 0x10,
+ (byte) 0x10,
+ (byte) 0xFF,
+ (byte) 0xFF,
+ (byte) 0xFF,
+ (byte) 0xFF,
+ (byte) 0x89,
+ (byte) 0x00,
+ (byte) 0x00,
+ (byte) 0x01,
+ (byte) 0x00,
+ };
+
private ISecureElementHalCallback.Stub mHalCallback = new ISecureElementHalCallback.Stub() {
@Override
public void onStateChange(boolean state) {
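Review bot: `ISD_R_AID` is declared `public static final byte[]`, and `final` fixes only the reference, so the sixteen bytes stay writable by any code that can reach `Terminal`. The last hunk of this commit uses the array in the carrier-privilege decision, so a changed element would silently alter which AID is excluded. The only use visible in this commit is inside `Terminal`, so `private static final byte[] ISD_R_AID` should be enough; if other classes need the value, hand out `ISD_R_AID.clone()` through an accessor. A short comment above the constant saying that it is the ISD-R AID and why it is singled out would also help.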
@@ -819,7 +840,9 @@ public class Terminal {
}
mAccessControlEnforcer.setPackageManager(mContext.getPackageManager());
- if (getName().startsWith(SecureElementService.UICC_TERMINAL)) {
+ // Check carrier privilege when AID is not ISD-R
+ if (getName().startsWith(SecureElementService.UICC_TERMINAL)
+ && !Arrays.equals(aid, ISD_R_AID)) {
try {
PackageManager pm = mContext.getPackageManager();
if (pm != null) {
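Review bot: The new condition `!Arrays.equals(aid, ISD_R_AID)` excludes only the full 16-byte AID from the carrier-privilege path. If the secure element resolves SELECT by partial AID (not visible from this hunk), a shorter leading portion of the ISD-R AID would not match and would still take the carrier-privilege branch, which is what the commit sets out to prevent. Consider treating any `aid` that is a leading prefix of `ISD_R_AID` as ISD-R too, in a small helper that compares the first `aid.length` bytes, and extend the comment to say that ISD-R is left to the GP rules on purpose. A null `aid` keeps the old behaviour, because `Arrays.equals` returns false for it. The enclosing method starts and ends outside the hunk.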