Deny the operation to select ISD-R aid am: 69dbe6f5de am: 7074bc2780

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/SecureElement/+/11786959 Change-Id: Id6b8519ca333e1897377c231dcb0a7bcf4bbe340
author: Jack Yu <jackcwyu@google.com> 2020-06-08 16:18:34 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-06-08 16:18:34 +0000
commit: bf247e11b235326419138f48149a22eda96e8cfd (patch)
tree: eb1db0c53464d29ae8890c5150761d63205c60e0
parent: ee6ff13512386265a18ba1a41b1383c05e142fe8 (diff)
parent: 7074bc2780e4118a4e10aad17c7cd2bbc1d3ba70 (diff)
1 files changed, 24 insertions, 1 deletions
diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java
index fb507e0..080f337 100644
--- a/src/com/android/se/Terminal.java
+++ b/src/com/android/se/Terminal.java
@@ -51,6 +51,7 @@ import com.android.se.security.ChannelAccess;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
@@ -84,6 +85,26 @@ public class Terminal {
     private static final String SECURE_ELEMENT_PRIVILEGED_OPERATION_PERMISSION =
             "android.permission.SECURE_ELEMENT_PRIVILEGED_OPERATION";
 
+    public static final byte[] ISD_R_AID =
+            new byte[]{
+                    (byte) 0xA0,
+                    (byte) 0x00,
+                    (byte) 0x00,
+                    (byte) 0x05,
+                    (byte) 0x59,
+                    (byte) 0x10,
+                    (byte) 0x10,
+                    (byte) 0xFF,
+                    (byte) 0xFF,
+                    (byte) 0xFF,
+                    (byte) 0xFF,
+                    (byte) 0x89,
+                    (byte) 0x00,
+                    (byte) 0x00,
+                    (byte) 0x01,
+                    (byte) 0x00,
+            };
+
     private ISecureElementHalCallback.Stub mHalCallback = new ISecureElementHalCallback.Stub() {
         @Override
         public void onStateChange(boolean state) {
@@ -719,7 +740,9 @@ public class Terminal {
         }
         mAccessControlEnforcer.setPackageManager(mContext.getPackageManager());
 
-        if (getName().startsWith(SecureElementService.UICC_TERMINAL)) {
+        // Check carrier privilege when AID is not ISD-R
+        if (getName().startsWith(SecureElementService.UICC_TERMINAL)
+                && !Arrays.equals(aid, ISD_R_AID)) {
             try {
                 PackageManager pm = mContext.getPackageManager();
                 if (pm != null) {
author	Jack Yu <jackcwyu@google.com>	2020-06-08 16:18:34 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2020-06-08 16:18:34 +0000
commit	bf247e11b235326419138f48149a22eda96e8cfd (patch)
tree	eb1db0c53464d29ae8890c5150761d63205c60e0
parent	ee6ff13512386265a18ba1a41b1383c05e142fe8 (diff)
parent	7074bc2780e4118a4e10aad17c7cd2bbc1d3ba70 (diff)