diff options
| author | Yerriswamy <yerriswamy.kurubathayanna@nxp.com> | 2020-04-14 08:31:34 +0530 |
|---|---|---|
| committer | nxf24591 <nanjesh.s_1@nxp.com> | 2020-05-01 00:48:12 +0530 |
| commit | 55ca1dd8684f0d136fcc9a8c4c0c39ce94b14887 (patch) | |
| tree | ed1ccf5410121077f49f13f6f6a8ec5934d7ef19 | |
| parent | 83fb85cafb113d5664680cb5aa221b929f5a01bc (diff) | |
{R-DP1} Unblock some operations for privilege applications
When applications with privilege permission or carrier privilege, allow
basic channel access and select operation in an opened channel.
Bug: 139701995
Test: build pass
Change-Id: I823202b9eadf012cfdf89bde5678c01bc8f77314
| -rw-r--r-- | src/com/android/se/Channel.java | 6 | ||||
| -rwxr-xr-x | src/com/android/se/SecureElementService.java | 3 | ||||
| -rwxr-xr-x | src/com/android/se/security/ChannelAccess.java | 22 |
3 files changed, 27 insertions, 4 deletions
diff --git a/src/com/android/se/Channel.java b/src/com/android/se/Channel.java index b0bc2c4..f9e073e 100644 --- a/src/com/android/se/Channel.java +++ b/src/com/android/se/Channel.java @@ -134,7 +134,11 @@ public class Channel implements IBinder.DeathRecipient { throw new SecurityException("MANAGE CHANNEL command not allowed"); } if ((command[1] == (byte) 0xA4) && (command[2] == (byte) 0x04)) { - throw new SecurityException("SELECT by DF name command not allowed"); + // SELECT by DF name is only allowed for CarrierPrivilege applications + // or system privilege applications + if (ChannelAccess.ACCESS.ALLOWED != mChannelAccess.getPrivilegeAccess()) { + throw new SecurityException("SELECT by DF name command not allowed"); + } } } diff --git a/src/com/android/se/SecureElementService.java b/src/com/android/se/SecureElementService.java index a46fc8d..a4fb12a 100755 --- a/src/com/android/se/SecureElementService.java +++ b/src/com/android/se/SecureElementService.java @@ -288,9 +288,6 @@ public final class SecureElementService extends Service { throw new IllegalStateException("Session is closed"); } else if (listener == null) { throw new NullPointerException("listener must not be null"); - } else if (mReader.getTerminal().getName().startsWith( - SecureElementService.UICC_TERMINAL)) { - return null; } else if ((p2 != 0x00) && (p2 != 0x04) && (p2 != 0x08) && (p2 != (byte) 0x0C)) { throw new UnsupportedOperationException("p2 not supported: " diff --git a/src/com/android/se/security/ChannelAccess.java b/src/com/android/se/security/ChannelAccess.java index d75ad15..8070bed 100755 --- a/src/com/android/se/security/ChannelAccess.java +++ b/src/com/android/se/security/ChannelAccess.java @@ -47,6 +47,7 @@ public class ChannelAccess { private String mReason = "no access by default"; private ACCESS mNFCEventAccess = ACCESS.UNDEFINED; private ApduFilter[] mApduFilter = null; + private ACCESS mPrivilegeAccess = ACCESS.UNDEFINED; /** Clones the ChannelAccess */ public ChannelAccess clone() { @@ -140,6 +141,7 @@ public class ChannelAccess { ca.setAccess(ACCESS.ALLOWED, "privilege application"); ca.setApduAccess(ACCESS.ALLOWED); ca.setNFCEventAccess(ACCESS.ALLOWED); + ca.setPrivilegeAccess(ACCESS.ALLOWED); return ca; } @@ -151,10 +153,28 @@ public class ChannelAccess { ca.setCallingPid(pid); ca.setAccess(ACCESS.ALLOWED, "Carrier-Privilege"); ca.setApduAccess(ACCESS.ALLOWED); + ca.setPrivilegeAccess(ACCESS.ALLOWED); return ca; } + public ACCESS getPrivilegeAccess() { + return mPrivilegeAccess; + } + + public void setPrivilegeAccess(ACCESS access) { + mPrivilegeAccess = access; + } + + public void setCarrierPrivilegeAccess(String packageName, int pid) { + mPackageName = packageName; + mCallingPid = pid; + mAccess = ACCESS.ALLOWED; + mApduAccess = ACCESS.ALLOWED; + mPrivilegeAccess = ACCESS.ALLOWED; + mReason = "Carrier-Privilege"; + } + @Override public String toString() { StringBuilder sb = new StringBuilder(); @@ -182,6 +202,8 @@ public class ChannelAccess { sb.append(mReason); sb.append(", mNFCEventAllowed="); sb.append(mNFCEventAccess); + sb.append(", mPrivilegeAccess="); + sb.append(mPrivilegeAccess); sb.append("]\n"); return sb.toString(); |