diff options
| -rw-r--r-- | src/com/android/se/Channel.java | 8 | ||||
| -rwxr-xr-x | src/com/android/se/Terminal.java | 10 |
2 files changed, 11 insertions, 7 deletions
diff --git a/src/com/android/se/Channel.java b/src/com/android/se/Channel.java index f9e073e..4fbb2a0 100644 --- a/src/com/android/se/Channel.java +++ b/src/com/android/se/Channel.java @@ -240,8 +240,12 @@ public class Channel implements IBinder.DeathRecipient { // if not an exception is thrown mTerminal.getAccessControlEnforcer().checkCommand(this, command); } else { - throw new SecurityException("Access Controller not set for Terminal: " - + mTerminal.getName()); + // Allow access to Privileged App even if Access Control Enforcer is + // not initialized + if (ChannelAccess.ACCESS.ALLOWED != mChannelAccess.getPrivilegeAccess()) { + throw new SecurityException("Access Controller not set for Terminal: " + + mTerminal.getName()); + } } } diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java index 0b5cc43..10cd865 100755 --- a/src/com/android/se/Terminal.java +++ b/src/com/android/se/Terminal.java @@ -760,12 +760,14 @@ public class Terminal { private ChannelAccess setUpChannelAccess(byte[] aid, String packageName, int pid) throws IOException, MissingResourceException { boolean checkRefreshTag = true; + if (isPrivilegedApplication(packageName)) { + return ChannelAccess.getPrivilegeAccess(packageName, pid); + } // Attempt to initialize the access control enforcer if it failed // due to a kind of temporary failure or no rule was found in the previous attempt. // For privilege access, do not attempt to initialize the access control enforcer // if no rule was found in the previous attempt. - if (mAccessControlEnforcer == null || (!isPrivilegedApplication(packageName) - && mAccessControlEnforcer.isNoRuleFound())) { + if (mAccessControlEnforcer == null || mAccessControlEnforcer.isNoRuleFound()) { initializeAccessControl(); // Just finished to initialize the access control enforcer. // It is too much to check the refresh tag in this case. @@ -773,9 +775,7 @@ public class Terminal { } mAccessControlEnforcer.setPackageManager(mContext.getPackageManager()); - if (isPrivilegedApplication(packageName)) { - return ChannelAccess.getPrivilegeAccess(packageName, pid); - } else if (getName().startsWith(SecureElementService.UICC_TERMINAL) + if (getName().startsWith(SecureElementService.UICC_TERMINAL) && isCarrierPrivilegeApplication(packageName)) { return ChannelAccess.getCarrierPrivilegeAccess(packageName, pid); } |