diff options
| author | Yerriswamy <yerriswamy.kurubathayanna@nxp.com> | 2020-04-14 09:04:24 +0530 |
|---|---|---|
| committer | nxf24591 <nanjesh.s_1@nxp.com> | 2020-05-01 00:48:12 +0530 |
| commit | 78601dbd2a21c9998f143adbb7a8f2d021d1d916 (patch) | |
| tree | ce44a81dab2c49741695a990e033f45ce0ebd49f | |
| parent | df19af2caf99f897464b678ae56f49901937389f (diff) | |
{R-DP2} Allow privilege app access to open channel
Allow privilege app access to open channel even if
AccessControlEnforcer is not available.
Throw exception only for non privileged access.
Bug: 149632580
Test: OpenBasicChannel from Privileged/Non privileged app
Change-Id: Ie188d397f6bf641923d010ad3a9d00d21bc9351b
| -rw-r--r-- | src/com/android/se/Channel.java | 8 | ||||
| -rwxr-xr-x | src/com/android/se/Terminal.java | 10 |
2 files changed, 11 insertions, 7 deletions
diff --git a/src/com/android/se/Channel.java b/src/com/android/se/Channel.java index f9e073e..4fbb2a0 100644 --- a/src/com/android/se/Channel.java +++ b/src/com/android/se/Channel.java @@ -240,8 +240,12 @@ public class Channel implements IBinder.DeathRecipient { // if not an exception is thrown mTerminal.getAccessControlEnforcer().checkCommand(this, command); } else { - throw new SecurityException("Access Controller not set for Terminal: " - + mTerminal.getName()); + // Allow access to Privileged App even if Access Control Enforcer is + // not initialized + if (ChannelAccess.ACCESS.ALLOWED != mChannelAccess.getPrivilegeAccess()) { + throw new SecurityException("Access Controller not set for Terminal: " + + mTerminal.getName()); + } } } diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java index 0b5cc43..10cd865 100755 --- a/src/com/android/se/Terminal.java +++ b/src/com/android/se/Terminal.java @@ -760,12 +760,14 @@ public class Terminal { private ChannelAccess setUpChannelAccess(byte[] aid, String packageName, int pid) throws IOException, MissingResourceException { boolean checkRefreshTag = true; + if (isPrivilegedApplication(packageName)) { + return ChannelAccess.getPrivilegeAccess(packageName, pid); + } // Attempt to initialize the access control enforcer if it failed // due to a kind of temporary failure or no rule was found in the previous attempt. // For privilege access, do not attempt to initialize the access control enforcer // if no rule was found in the previous attempt. - if (mAccessControlEnforcer == null || (!isPrivilegedApplication(packageName) - && mAccessControlEnforcer.isNoRuleFound())) { + if (mAccessControlEnforcer == null || mAccessControlEnforcer.isNoRuleFound()) { initializeAccessControl(); // Just finished to initialize the access control enforcer. // It is too much to check the refresh tag in this case. @@ -773,9 +775,7 @@ public class Terminal { } mAccessControlEnforcer.setPackageManager(mContext.getPackageManager()); - if (isPrivilegedApplication(packageName)) { - return ChannelAccess.getPrivilegeAccess(packageName, pid); - } else if (getName().startsWith(SecureElementService.UICC_TERMINAL) + if (getName().startsWith(SecureElementService.UICC_TERMINAL) && isCarrierPrivilegeApplication(packageName)) { return ChannelAccess.getCarrierPrivilegeAccess(packageName, pid); } |