author | Yerriswamy <yerriswamy.kurubathayanna@nxp.com> | 2020-04-14 08:14:06 +0530 |
---|---|---|
committer | nxf24591 <nanjesh.s_1@nxp.com> | 2020-05-01 00:48:12 +0530 |
commit | 954e4c89757339b6690d70e4ea449e5bb112b3fe (patch) | |
tree | d1c39c907836e9e73ca701c7379aa41547d6b25e | |
parent | ba35f2f71d59bced47c1600ade00e1f735a94c17 (diff) |
{R-DP1} Provide privilege access to system application
Provide access to the eSE when a system application is granted the privilege
permission.
Bug: 141963658
Test: Manual
Change-Id: I5f00ee71c4d42ea612abeeeb637248337af3c1f6
-rwxr-xr-x | src/com/android/se/Terminal.java | 24 | ||||
-rwxr-xr-x | src/com/android/se/security/ChannelAccess.java | 12 |
2 files changed, 35 insertions, 1 deletions
diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java
index 45b02ac..ba8b69e 100755
--- a/src/com/android/se/Terminal.java
+++ b/src/com/android/se/Terminal.java
@@ -133,6 +133,9 @@ public class Terminal {
 /** For each Terminal there will be one AccessController object. */
 private AccessControlEnforcer mAccessControlEnforcer;
 
+ private static final String SECURE_ELEMENT_PRIVILEGED_PERMISSION =
+ "android.permission.SECURE_ELEMENT_PRIVILEGED";
+
 private ISecureElementHalCallback.Stub mHalCallback = new ISecureElementHalCallback.Stub() {
 @Override
 public void onStateChange(boolean state) {
@@ -755,7 +758,10 @@ public class Terminal {
 boolean checkRefreshTag = true;
 // Attempt to initialize the access control enforcer if it failed
 // due to a kind of temporary failure or no rule was found in the previous attempt.
- if (mAccessControlEnforcer == null || mAccessControlEnforcer.isNoRuleFound()) {
+ // For privilege access, do not attempt to initialize the access control enforcer
+ // if no rule was found in the previous attempt.
+ if (mAccessControlEnforcer == null || (!isPrivilegedApplication(packageName)
+ && mAccessControlEnforcer.isNoRuleFound())) {
 initializeAccessControl();
 // Just finished to initialize the access control enforcer.
 // It is too much to check the refresh tag in this case.
@@ -763,6 +769,10 @@ public class Terminal {
 }
 mAccessControlEnforcer.setPackageManager(mContext.getPackageManager());
 
+ if (isPrivilegedApplication(packageName)) {
+ return ChannelAccess.getPrivilegeAccess(packageName, pid);
+ }
+
 synchronized (mLock) {
 try {
 ChannelAccess channelAccess =
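Review bot: `isPrivilegedApplication(packageName)` is evaluated in the condition of the `@@ -755,7 +758,10 @@` hunk and again in the `@@ -763,6 +769,10 @@` hunk, so one call can make two PackageManager lookups and, in principle, get two different answers if the grant changes in between. Resolving it once, `final boolean privileged = isPrivilegedApplication(packageName);`, and using that local in both places keeps the re-initialisation decision and the access decision consistent. The enclosing method starts and ends outside both hunks.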
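Review bot: The early return added in the `@@ -763,6 +769,10 @@` hunk grants full channel access on the strength of `packageName` alone, and nothing visible here shows that the name was resolved from the binder caller's identity rather than passed in by the caller. If the enclosing method (which starts and ends outside the hunk) can ever receive a caller-chosen name, the permission check is made against the wrong subject, so the contract should be stated where the decision is taken, e.g. `// packageName must have been resolved from Binder.getCallingUid() by the service layer`. The return also bypasses the access-rule evaluation and the `mLock` section without writing a log line, so a privileged grant leaves no audit trail; logging the package name and pid just before the return would make these grants reviewable.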
@@ -800,6 +810,18 @@ public class Terminal {
 }
 }
 
+ /**
+ * Checks if Secure Element Privilege permission exists for the given package
+ */
+ private boolean isPrivilegedApplication(String packageName) {
+ PackageManager pm = mContext.getPackageManager();
+ if (pm != null) {
+ return (pm.checkPermission(SECURE_ELEMENT_PRIVILEGED_PERMISSION,
+ packageName) == PackageManager.PERMISSION_GRANTED);
+ }
+ return false;
+ }
+
 public AccessControlEnforcer getAccessControlEnforcer() {
 return mAccessControlEnforcer;
 }
diff --git a/src/com/android/se/security/ChannelAccess.java b/src/com/android/se/security/ChannelAccess.java
index 3dcb966..31ca45e 100755
--- a/src/com/android/se/security/ChannelAccess.java
+++ b/src/com/android/se/security/ChannelAccess.java
@@ -132,6 +132,18 @@ public class ChannelAccess {
 mNFCEventAccess = access;
 }
 
+ /** Provides the ChannelAccess with Privilege Access */
+ public static ChannelAccess getPrivilegeAccess(String packageName, int pid) {
+ ChannelAccess ca = new ChannelAccess();
+ ca.setPackageName(packageName);
+ ca.setCallingPid(pid);
+ ca.setAccess(ACCESS.ALLOWED, "privilege application");
+ ca.setApduAccess(ACCESS.ALLOWED);
+ ca.setNFCEventAccess(ACCESS.ALLOWED);
+
+ return ca;
+ }
+
 @Override
 public String toString() {
 StringBuilder sb = new StringBuilder(); |
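Review bot: The Javadoc on `isPrivilegedApplication` in the `@@ -800,6 +810,18 @@` hunk does not say what the check actually proves: `checkPermission` only establishes that the named package holds `SECURE_ELEMENT_PRIVILEGED_PERMISSION`, while the commit title speaks of a system application. Whether only system applications can hold it depends on the permission's declared protection level, which is not part of this diff. I would extend the comment with `@param packageName` and `@return`, and add a sentence such as `Relies on the permission's protectionLevel to restrict holders to system applications; does not itself inspect the application flags.` Returning `false` when the PackageManager is null fails closed, which is the right default and worth stating in the comment as well.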
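Review bot: `getPrivilegeAccess` in the ChannelAccess.java hunk is a public static factory that sets general, APDU and NFC-event access to `ACCESS.ALLOWED` without checking anything itself, so its safety depends on every caller having verified the permission first. The one-line Javadoc should say that, for example `Returns a ChannelAccess with all access types ALLOWED. Performs no authorization; the caller must already have verified that the package holds the Secure Element privileged permission.` Documenting `@param packageName` and `@param pid` as values that are recorded, not validated, would make the trust boundary explicit for future callers.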