diff options
| -rwxr-xr-x | src/com/android/se/Terminal.java | 24 | ||||
| -rwxr-xr-x | src/com/android/se/security/ChannelAccess.java | 12 |
2 files changed, 35 insertions, 1 deletions
diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java index 45b02ac..ba8b69e 100755 --- a/src/com/android/se/Terminal.java +++ b/src/com/android/se/Terminal.java @@ -133,6 +133,9 @@ public class Terminal { /** For each Terminal there will be one AccessController object. */ private AccessControlEnforcer mAccessControlEnforcer; + private static final String SECURE_ELEMENT_PRIVILEGED_PERMISSION = + "android.permission.SECURE_ELEMENT_PRIVILEGED"; + private ISecureElementHalCallback.Stub mHalCallback = new ISecureElementHalCallback.Stub() { @Override public void onStateChange(boolean state) { @@ -755,7 +758,10 @@ public class Terminal { boolean checkRefreshTag = true; // Attempt to initialize the access control enforcer if it failed // due to a kind of temporary failure or no rule was found in the previous attempt. - if (mAccessControlEnforcer == null || mAccessControlEnforcer.isNoRuleFound()) { + // For privilege access, do not attempt to initialize the access control enforcer + // if no rule was found in the previous attempt. + if (mAccessControlEnforcer == null || (!isPrivilegedApplication(packageName) + && mAccessControlEnforcer.isNoRuleFound())) { initializeAccessControl(); // Just finished to initialize the access control enforcer. // It is too much to check the refresh tag in this case. @@ -763,6 +769,10 @@ public class Terminal { } mAccessControlEnforcer.setPackageManager(mContext.getPackageManager()); + if (isPrivilegedApplication(packageName)) { + return ChannelAccess.getPrivilegeAccess(packageName, pid); + } + synchronized (mLock) { try { ChannelAccess channelAccess = @@ -800,6 +810,18 @@ public class Terminal { } } + /** + * Checks if Secure Element Privilege permission exists for the given package + */ + private boolean isPrivilegedApplication(String packageName) { + PackageManager pm = mContext.getPackageManager(); + if (pm != null) { + return (pm.checkPermission(SECURE_ELEMENT_PRIVILEGED_PERMISSION, + packageName) == PackageManager.PERMISSION_GRANTED); + } + return false; + } + public AccessControlEnforcer getAccessControlEnforcer() { return mAccessControlEnforcer; } diff --git a/src/com/android/se/security/ChannelAccess.java b/src/com/android/se/security/ChannelAccess.java index 3dcb966..31ca45e 100755 --- a/src/com/android/se/security/ChannelAccess.java +++ b/src/com/android/se/security/ChannelAccess.java @@ -132,6 +132,18 @@ public class ChannelAccess { mNFCEventAccess = access; } + /** Provides the ChannelAccess with Privilege Access */ + public static ChannelAccess getPrivilegeAccess(String packageName, int pid) { + ChannelAccess ca = new ChannelAccess(); + ca.setPackageName(packageName); + ca.setCallingPid(pid); + ca.setAccess(ACCESS.ALLOWED, "privilege application"); + ca.setApduAccess(ACCESS.ALLOWED); + ca.setNFCEventAccess(ACCESS.ALLOWED); + + return ca; + } + @Override public String toString() { StringBuilder sb = new StringBuilder(); |