| Age | Commit message (Collapse) | Author |
|---|
|
Keep the same order than SEHAL 1.0.
Change-Id: I65c0fe98c4cafd179be3708e53b6d40165acd9f6
|
|
NFC_IN_USE has been moved to SecureElement from Frameworks for better
code alignment
|
|
mSEHal is null while onStateChanged_1_1(true,"") invoked as part of
init_1_1.
|
|
|
|
|
|
nxpEseHalIoctl call is needed only for reader eSE1.
|
|
In cases of off-host transaction, there is a contention for the eSE
causing delays for the transaction. Not checking for the refresh tag
and using the access rules from the cache in case it exists will
avoid the contention.
|
|
Session and Terminal should output more logs helpful for the device
development. This change adds logs for openBasicChannel(),
openLogicalChannel() and getAtr(). New logs should be output only for
debuggable build variants.
Bug: 128686348
Test: Manually checked the logs.
Change-Id: Ic0f3e16da9d03b46bb00053744de93d17949c0cb
|
|
Test:Check logged data locally
Bug:116641110
Change-Id: I696f66ab9c467f2310338963910907fc878dab7a
|
|
If SE HAL 1.1 is not supported, try SE HAL 1.0
Test:Check secure element sevice loaded
Change-Id: I9657792000a61876242e2f7230ddafe9936d8c70
|
|
Test: manual
Bug: 122590188
Change-Id: I28d2bec166cf786fedd0444778583073492de804
|
|
In cases of off-host transaction, there is a contention for the eSE
causing delays for the transaction. Not checking for the refresh tag
and using the access rules from the cache in case it exists will
avoid the contention.
Test: Manual
Bug: 119260337
Change-Id: I359f4eb20ba8d61f3a8e5e7ff382b61bd59edfd8
|
|
Following changes are done:-
1) Added API to send IOCTL to ESE HAL
2) Added logic to get SHA1 of the calling applications
|
|
If no access rule is accessible, access to secure element is allowed in
eSE case and denied in UICC SE case in accordance with the chapter 4 of
GP SEAC specification. The problem with the current implementation is
that there is no mechanism to re-initialize Access Control Enforcer when
access rule becomes accessible. If access rule is installed to the
secure element, Access Controler Enforcer shall work to cache the rules.
Bug: 111195321
Test: Confirmed that new access rules are cached in the next attempt.
Change-Id: Ib56301e1150256028414d64e0fc2396e35791390
|
|
getService(<instance>, true) will wait for the service to start.
Test: Add delays and check if the client waits;
Bug: 110053681
Bug: 110972464
Change-Id: I5a0b708e93274810c2852837429695213da50b7b
|
|
|
|
All the channels in use should be closed if new SE gets available as the
existing logical channels were opened in accordance with the access
rules previously retrieved.
Bug: 77771494
Test: All the existing channels in use are closed as expected.
Change-Id: Iaca08bdfbdae9b1ba5a1cb863483758242272536
|
|
SecureElement application shall receive a callback when SE HAL died and
attempt to obtain it again. To achieve it, the code to initialize SE HAL
should be moved from SecureElementService to Terminal.
Bug: 77606969
Test: Confirmed that Terminal can get SE HAL again after the accident.
Change-Id: I76a02464874d82f75daec4b4b70be4211e2d19ad
|
|
If an application uses a partial AID while opening a
channel, and select response returns the full AID, then
selectNext() fails because there is a mismatch in the AID.
Storing the AID that was used to open the channel fixes the
issue.
Test: OMAPI CTS Test
Bug: 74436845
Change-Id: I3c2c5c36bae818367c0fd010c041eadb59fcbe49
|
|
Even if the terminal once failed to retrieve the access rules from the
secure element due to a kind of temporary failure like IO error or the
lack of a logical channel available, it shall have a chance to attempt
to do it again.
Bug: 75236408
Test: Manually tested multiple scenarios with pseudo temporary failures.
Change-Id: Id5c492b98e2f654e4fc833abb7f8a0c4e1cc4625
|
|
HAL implementation needs an indication when there aren't any active
channels so that lower power mode can be achieved.
Calling close for basic channel will inform them when basic channel
is not in use.
Test: Test application; open/close basic channel
Bug: 74550883
Change-Id: Idaaac62bc26af664a2fc9fffa96e179804905553
|
|
Full access should be permitted if eSE does not have ARA applet. On the
other hand, full access shall not be granted if it is uncertain whether
access rule does not exist on the secure element.
Bug: 73974445
Test: Executed manual test cases for UICC and eSE
Change-Id: Id56f8dbdb153724a6fd654489acf7df751d2711c
|
|
The device must avoid to log any sensitive information such as APDU
command or response exchanged in communication with applet located in
the secure element. Refer to TS26_NFC_REQ_163 described in TS.26 - NFC
Handset Requirements.
Bug: 74127314
Test: Confirmed that GSMA TS.27 TC 15.9.3.2.1 does not fail.
Change-Id: I62fdf021a2f1be77d2608dae9061c5780ea245f1
|
|
SecurityException shall never be thrown when the terminal cannnot
retrieve access rules due to the lack of a logical channel available.
Bug: 74094532
Test: OMAPI TC 6.4.7 ID5a and TC 6.4.10 ID5a pass with this change.
Change-Id: I95b1053dd61729f8ff3bce373b2df04a6e172273
|
|
IOException shall be thrown to client application if communication
problem happens between the terminal and the secure element while the
terminal retrieves the access rules. That is the expected behavior
described in the clause 6.2.7 (h) of Open Mobile API Specification.
Bug: 74094356
Test: OMAPI TC 6.4.7 ID8 and TC 6.4.10 ID8 pass with this change.
Change-Id: If444384541d3425e9a0dc052e933c9739a9f1025
|
|
IOException shall be thrown to client application if communication
problem happens between the terminal and the secure element while the
terminal retrieves the access rules. That is the expected behavior
described in the clause 6.2.7 (h) of Open Mobile API Specification.
Bug: 74094356
Test: OMAPI TC 6.4.7 ID8 and TC 6.4.10 ID8 pass with this change.
Change-Id: I5baae8356d2ab2f61b2e45647d7e6b6a297b2483
|
|
Throw an exception when NO_SUCH_ELEMENT_ERROR is encountered.
selectResponse should be null if SELECT has not been performed.
mDefaultApplicationSelectedOnBasicChannel should only be reset if the
Secure Element has gone through a reset.
Test: Secure Element initializes
Change-Id: Ibd7f44b1b999d265e39336b764cd729f0156d468
|
|
This contribution is an implementation of the GlobalPlatform
Open Mobile API for Android with some modifications to
namespaces and packages to make it suitable as a core
Android component.
This contribution is based on:
0001-Open-Source-Contribution-of-Smartcard-Service-for-fr.patch
which can be found in
https://portland.source.codeaurora.org/patches/quic/la/PATCH_217881_OpenMobileAPI_20171208.tar.gz
and
0001-Code-reorganization-of-Open-Mobile-API-packages-apps.patch
which can be found in
https://portland.source.codeaurora.org/patches/quic/la/PATCH_217881_OpenMobileAPI_20171206.tar.gz
The first patch should be applied, followed by the second.
The submitted patchs were originally derived from
https://source.codeaurora.org/quic/la/platform/packages/apps/SmartCardService/commit/?h=LA.BF64.1.2.1&id=06ecea9abb8264049f52c7e31c0bc13330a425d5.
Test: Basic functionality test on target device
- Verify access rules are read from ARF on start-up
- Verify that access rules are updated on refresh tag
- Verify basic APDU transfer
Test performed in conjunction with commit
0269d238c1fc1212c8e7eb1717b47977f8f3b1fa on frameworks/base
Change-Id: Ia6c5b3657f83efa1551a067bd6aee03c68876c09
Signed-off-by: Jeremy O'Donoghue <jodonogh@codeaurora.org>
|
