1 files changed, 23 insertions, 1 deletions

diff --git a/src/com/android/se/Terminal.java b/src/com/android/se/Terminal.java
index 45b02ac..ba8b69e 100755
--- a/src/com/android/se/Terminal.java
+++ b/src/com/android/se/Terminal.java
@@ -133,6 +133,9 @@ public class Terminal {
     /** For each Terminal there will be one AccessController object. */
     private AccessControlEnforcer mAccessControlEnforcer;
 
+    private static final String SECURE_ELEMENT_PRIVILEGED_PERMISSION =
+            "android.permission.SECURE_ELEMENT_PRIVILEGED";
+
     private ISecureElementHalCallback.Stub mHalCallback = new ISecureElementHalCallback.Stub() {
         @Override
         public void onStateChange(boolean state) {
@@ -755,7 +758,10 @@ public class Terminal {
         boolean checkRefreshTag = true;
         // Attempt to initialize the access control enforcer if it failed
         // due to a kind of temporary failure or no rule was found in the previous attempt.
-        if (mAccessControlEnforcer == null || mAccessControlEnforcer.isNoRuleFound()) {
+        // For privilege access, do not attempt to initialize the access control enforcer
+        // if no rule was found in the previous attempt.
+        if (mAccessControlEnforcer == null || (!isPrivilegedApplication(packageName)
+                && mAccessControlEnforcer.isNoRuleFound())) {
             initializeAccessControl();
             // Just finished to initialize the access control enforcer.
             // It is too much to check the refresh tag in this case.
@@ -763,6 +769,10 @@ public class Terminal {
         }
         mAccessControlEnforcer.setPackageManager(mContext.getPackageManager());
 
+        if (isPrivilegedApplication(packageName)) {
+            return ChannelAccess.getPrivilegeAccess(packageName, pid);
+        }
+
         synchronized (mLock) {
             try {
                 ChannelAccess channelAccess =
@@ -800,6 +810,18 @@ public class Terminal {
         }
     }
 
+    /**
+     * Checks if Secure Element Privilege permission exists for the given package
+     */
+    private boolean isPrivilegedApplication(String packageName) {
+        PackageManager pm = mContext.getPackageManager();
+        if (pm != null) {
+            return (pm.checkPermission(SECURE_ELEMENT_PRIVILEGED_PERMISSION,
+                    packageName) == PackageManager.PERMISSION_GRANTED);
+        }
+        return false;
+    }
+
     public AccessControlEnforcer getAccessControlEnforcer() {
         return mAccessControlEnforcer;
     }