| Age | Commit message (Collapse) | Author |
|---|
|
catch illegalArguementException when UICC terminal is not available.
|
|
If no access rule is accessible, access to secure element is allowed in
eSE case and denied in UICC SE case in accordance with the chapter 4 of
GP SEAC specification. The problem with the current implementation is
that there is no mechanism to re-initialize Access Control Enforcer when
access rule becomes accessible. If access rule is installed to the
secure element, Access Controler Enforcer shall work to cache the rules.
Bug: 111195321
Test: Confirmed that new access rules are cached in the next attempt.
Change-Id: Ib56301e1150256028414d64e0fc2396e35791390
|
|
This reverts commit e8eeaf2a3f809afdc530371b2a5129bc15a35d5f.
|
|
This reverts commit 51013385de2a4e6f4af3786b4339f84be0e91163.
|
|
getService(<instance>, true) will wait for the service to start.
Test: Add delays and check if the client waits;
Bug: 110053681
Bug: 110972464
Change-Id: I5a0b708e93274810c2852837429695213da50b7b
|
|
Added Broadcast listener for NFC Adapter state change. Durinf every NFC on,
DWP terminal is added in OMAPI service. During Nfcoff service is de registered
in NFC service.
|
|
Added delay to make sure DWP Terminal(NFC service) is up
|
|
|
|
All the channels in use should be closed if new SE gets available as the
existing logical channels were opened in accordance with the access
rules previously retrieved.
Bug: 77771494
Test: All the existing channels in use are closed as expected.
Change-Id: Iaca08bdfbdae9b1ba5a1cb863483758242272536
|
|
|
|
Access Control Enforcer releases the instances of ARA controller and ARF
controller when it is reset, but the cache data of the access rules and
the refresh tag remain in the current implementation. The cache should
also be reset to avoid unexpected reuse of the cache.
Bug: 77759129
Test: Manual test to confirm that the cached is discarded as expected.
Change-Id: Id29d3c8e8118178db8c4ede915799a8129e34cb9
|
|
SecureElement application shall receive a callback when SE HAL died and
attempt to obtain it again. To achieve it, the code to initialize SE HAL
should be moved from SecureElementService to Terminal.
Bug: 77606969
Test: Confirmed that Terminal can get SE HAL again after the accident.
Change-Id: I76a02464874d82f75daec4b4b70be4211e2d19ad
|
|
If an application uses a partial AID while opening a
channel, and select response returns the full AID, then
selectNext() fails because there is a mismatch in the AID.
Storing the AID that was used to open the channel fixes the
issue.
Test: OMAPI CTS Test
Bug: 74436845
Change-Id: I3c2c5c36bae818367c0fd010c041eadb59fcbe49
|
|
|
|
Even if the terminal once failed to retrieve the access rules from the
secure element due to a kind of temporary failure like IO error or the
lack of a logical channel available, it shall have a chance to attempt
to do it again.
Bug: 75236408
Test: Manually tested multiple scenarios with pseudo temporary failures.
Change-Id: Id5c492b98e2f654e4fc833abb7f8a0c4e1cc4625
|
|
HAL implementation needs an indication when there aren't any active
channels so that lower power mode can be achieved.
Calling close for basic channel will inform them when basic channel
is not in use.
Test: Test application; open/close basic channel
Bug: 74550883
Change-Id: Idaaac62bc26af664a2fc9fffa96e179804905553
|
|
If the terminal cannot get available logical channel when attempting to
check ARF, MissingResourceException shall be propagated to the upper
layer. It shall not be ignored.
Bug: 74094532
Test: Confirmed that MissingResourceException is expectedly propagated.
Change-Id: I744e613c9fb2d7c154fbd497895a3c207d4843f1
|
|
Full access should be permitted if eSE does not have ARA applet. On the
other hand, full access shall not be granted if it is uncertain whether
access rule does not exist on the secure element.
Bug: 73974445
Test: Executed manual test cases for UICC and eSE
Change-Id: Id56f8dbdb153724a6fd654489acf7df751d2711c
|
|
OP-011 "access to the default applet is blocked by the DUT" is mandatory
requirement according to GSMA NFC Handset Test Book.
Bug: 73331557
Test: Confirmed that OMAPI TC 6.4.7 ID3b passed with this change.
Change-Id: I0447e2763ec48a3149d2868edf8f3dd6986cb055
|
|
Test: Secure Element initializes
Bug: 74536289
Change-Id: Iffe66b42adc21628e3def830579faf553c100ef5
|
|
OP-002 "access to the basic channel is blocked by the DUT" is mandatory
requirement according to GSMA NFC Handset Test Book.
Bug: 73331557
Test: Confirmed that OMAPI TC 6.4.6 ID7 passed with this change.
Change-Id: Ic310b098227255d5653e466c052652eaf24d4244
|
|
The device must avoid to log any sensitive information such as APDU
command or response exchanged in communication with applet located in
the secure element. Refer to TS26_NFC_REQ_163 described in TS.26 - NFC
Handset Requirements.
Bug: 74127314
Test: Confirmed that GSMA TS.27 TC 15.9.3.2.1 does not fail.
Change-Id: I62fdf021a2f1be77d2608dae9061c5780ea245f1
|
|
|
|
|
|
|
|
|
|
SecurityException shall never be thrown when the terminal cannnot
retrieve access rules due to the lack of a logical channel available.
Bug: 74094532
Test: OMAPI TC 6.4.7 ID5a and TC 6.4.10 ID5a pass with this change.
Change-Id: I95b1053dd61729f8ff3bce373b2df04a6e172273
|
|
IOException shall be thrown to client application if communication
problem happens between the terminal and the secure element while the
terminal retrieves the access rules. That is the expected behavior
described in the clause 6.2.7 (h) of Open Mobile API Specification.
Bug: 74094356
Test: OMAPI TC 6.4.7 ID8 and TC 6.4.10 ID8 pass with this change.
Change-Id: If444384541d3425e9a0dc052e933c9739a9f1025
|
|
IOException shall be thrown to client application if communication
problem happens between the terminal and the secure element while the
terminal retrieves the access rules. That is the expected behavior
described in the clause 6.2.7 (h) of Open Mobile API Specification.
Bug: 74094356
Test: OMAPI TC 6.4.7 ID8 and TC 6.4.10 ID8 pass with this change.
Change-Id: I5baae8356d2ab2f61b2e45647d7e6b6a297b2483
|
|
It must be possible to search the access rule cache for a rule that
contains the requested AID but with another specific hash value. Global
Platform SEAC Device Side Test Plan TC 4.1 (c0-ee-09) fails as no REF_DO
is found in the access rule cache if this fix is not applied.
Bug: 73786675
Bug: 73133863
Test: Confirmed that the TC 4.1 above can pass with this change.
Change-Id: I3965d481d07272c16c86240b901045316847719c
|
|
If undefined value is specified as a general APDU access rule, it shall
be treated as an interpretation error which should lead to denying
access to the whole secure element. NFC_AR_DO already has the same code.
Bug: 74049227
Test: GSMA TS.27 TC 5.4.2.2 (SEAC c0-62-b5) passes.
Change-Id: I5a5ab3bde671273e85f361ccfe3c8dcc2577b219
|
|
Throw an exception when NO_SUCH_ELEMENT_ERROR is encountered.
selectResponse should be null if SELECT has not been performed.
mDefaultApplicationSelectedOnBasicChannel should only be reset if the
Secure Element has gone through a reset.
Test: Secure Element initializes
Change-Id: Ibd7f44b1b999d265e39336b764cd729f0156d468
|
|
Any APDU command with invalid format shall not be sent to the lower
layer. IllegalArgumentException shall be thrown if anything wrong is
found in the command format.
Bug: 72873579
Test: Confirmed that 6.5.6 ID25 can pass with this change.
Change-Id: I1c9b9631b380bc66cdd4f6ebd814491b5acb7ee2
|
|
This contribution is an implementation of the GlobalPlatform
Open Mobile API for Android with some modifications to
namespaces and packages to make it suitable as a core
Android component.
This contribution is based on:
0001-Open-Source-Contribution-of-Smartcard-Service-for-fr.patch
which can be found in
https://portland.source.codeaurora.org/patches/quic/la/PATCH_217881_OpenMobileAPI_20171208.tar.gz
and
0001-Code-reorganization-of-Open-Mobile-API-packages-apps.patch
which can be found in
https://portland.source.codeaurora.org/patches/quic/la/PATCH_217881_OpenMobileAPI_20171206.tar.gz
The first patch should be applied, followed by the second.
The submitted patchs were originally derived from
https://source.codeaurora.org/quic/la/platform/packages/apps/SmartCardService/commit/?h=LA.BF64.1.2.1&id=06ecea9abb8264049f52c7e31c0bc13330a425d5.
Test: Basic functionality test on target device
- Verify access rules are read from ARF on start-up
- Verify that access rules are updated on refresh tag
- Verify basic APDU transfer
Test performed in conjunction with commit
0269d238c1fc1212c8e7eb1717b47977f8f3b1fa on frameworks/base
Change-Id: Ia6c5b3657f83efa1551a067bd6aee03c68876c09
Signed-off-by: Jeremy O'Donoghue <jodonogh@codeaurora.org>
|
