Set default access permission as denied for eSE

am: 2adec4001b Change-Id: Ifbb77afcbec2ce42a8270d40e5b907d0f358d6d8
author: Jack Yu <jackcwyu@google.com> 2019-09-20 10:35:27 -0700
committer: android-build-merger <android-build-merger@google.com> 2019-09-20 10:35:27 -0700
commit: 29393c4bcc9d623dce21e73575c912c2a135e7df (patch)
tree: d7c4064ad6601cca1916415c7a3fc5f2584b978d /src
parent: 7ce385f81898133f69901fb4cc412d1ca06cca45 (diff)
parent: 2adec4001b7dde47ecbdb849dd615f28fc5aa68a (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/src/com/android/se/security/AccessControlEnforcer.java b/src/com/android/se/security/AccessControlEnforcer.java
index 22b82f0..79252bd 100644
--- a/src/com/android/se/security/AccessControlEnforcer.java
+++ b/src/com/android/se/security/AccessControlEnforcer.java
@@ -488,9 +488,8 @@ public class AccessControlEnforcer {
             }
         }
         if (!mTerminal.getName().startsWith(SecureElementService.UICC_TERMINAL)) {
-            // It shall be allowed to grant full access if no rule can be retrieved
-            // from the secure element except for UICC.
-            mFullAccess = true;
+            // Deny full access for eSE if no rule can be retrieved because of security concern
+            mFullAccess = false;
             // ARF is supported only on UICC.
             mUseArf = false;
         }
author	Jack Yu <jackcwyu@google.com>	2019-09-20 10:35:27 -0700
committer	android-build-merger <android-build-merger@google.com>	2019-09-20 10:35:27 -0700
commit	29393c4bcc9d623dce21e73575c912c2a135e7df (patch)
tree	d7c4064ad6601cca1916415c7a3fc5f2584b978d /src
parent	7ce385f81898133f69901fb4cc412d1ca06cca45 (diff)
parent	2adec4001b7dde47ecbdb849dd615f28fc5aa68a (diff)