authorJack Yu <jackcwyu@google.com>2020-06-02 16:05:02 +0800
committerJack Yu <jackcwyu@google.com>2020-06-08 14:56:37 +0800
commit69dbe6f5de0429289fce35841c2b394ea25a26bb (patch)
treeeb1db0c53464d29ae8890c5150761d63205c60e0
parentb8b2823edddd8275c1d154714f7965bbedfa1adb (diff)
Deny the operation to select ISD-R aid
Do not grant carrier-privileged apps direct access to select the ISD-R AID; fall back to GlobalPlatform (GP) rules checking instead. Bug: 157968163 Test: select ISD-R aid is not directly allowed for carrier privilege apps Merged-In: Id7dd6e3afcb88d97b7c62e8710ef16fbc35010f3 Change-Id: Id7dd6e3afcb88d97b7c62e8710ef16fbc35010f3
-rw-r--r--src/com/android/se/Terminal.java25
1 files changed, 24 insertions, 1 deletions
diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java
index fb507e0..080f337 100644
--- a/src/com/android/se/Terminal.java
+++ b/src/com/android/se/Terminal.java
@@ -51,6 +51,7 @@ import com.android.se.security.ChannelAccess;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
@@ -84,6 +85,26 @@ public class Terminal {
private static final String SECURE_ELEMENT_PRIVILEGED_OPERATION_PERMISSION =
"android.permission.SECURE_ELEMENT_PRIVILEGED_OPERATION";
+ public static final byte[] ISD_R_AID =
+ new byte[]{
+ (byte) 0xA0,
+ (byte) 0x00,
+ (byte) 0x00,
+ (byte) 0x05,
+ (byte) 0x59,
+ (byte) 0x10,
+ (byte) 0x10,
+ (byte) 0xFF,
+ (byte) 0xFF,
+ (byte) 0xFF,
+ (byte) 0xFF,
+ (byte) 0x89,
+ (byte) 0x00,
+ (byte) 0x00,
+ (byte) 0x01,
+ (byte) 0x00,
+ };
+
private ISecureElementHalCallback.Stub mHalCallback = new ISecureElementHalCallback.Stub() {
@Override
public void onStateChange(boolean state) {
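Review bot: `ISD_R_AID` is declared `public static final byte[]`, so the reference is constant but the contents are not; any code that can reach `Terminal.ISD_R_AID` can overwrite a byte, and the access-control comparison added later in this commit would then evaluate against a different value. The only use visible in this commit is inside `Terminal`, so `private static final byte[] ISD_R_AID =` would be enough; if other classes need the value, hand out a copy through an accessor that returns `ISD_R_AID.clone()`. A one-line Javadoc stating that this is the ISD-R application identifier and naming the specification it comes from would save readers from decoding the byte list. The `Terminal` class body starts and ends outside the hunk.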
@@ -719,7 +740,9 @@ public class Terminal {
}
mAccessControlEnforcer.setPackageManager(mContext.getPackageManager());
- if (getName().startsWith(SecureElementService.UICC_TERMINAL)) {
+ // Check carrier privilege when AID is not ISD-R
+ if (getName().startsWith(SecureElementService.UICC_TERMINAL)
+ && !Arrays.equals(aid, ISD_R_AID)) {
try {
PackageManager pm = mContext.getPackageManager();
if (pm != null) {
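Review bot: The new condition `&& !Arrays.equals(aid, ISD_R_AID)` recognises ISD-R only by an exact, full-length match, and the comment above it does not say why ISD-R is excluded from the carrier-privilege path. `Arrays.equals` is null-safe, so a null `aid` still enters the carrier-privilege branch as before; that looks intended but deserves a mention. Please confirm that no other `aid` value the element would resolve to ISD-R can reach this branch, and record the rationale in the comment, for example `// ISD-R must never be granted through the carrier-privilege shortcut; fall through to GP access rules.` The enclosing method starts and ends outside the hunk.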