| Age | Commit message (Collapse) | Author |
|---|
|
Change-Id: Ic3424f7fcf575643b54c6dd31a64e45500e64ee2
Signed-off-by: alk3pInjection <webmaster@raspii.tech>
|
|
lineage-18.1
Signed-off-by: alk3pInjection <webmaster@raspii.tech>
Change-Id: Ifda025f9963e067b37475cf65de4276fdaeeedd2
|
|
If there is temporary failures in access rules retrieval, Secure Element
service should handle the re-initialization. NFC transactions usually
need to be completed in short time and should not wait for the access
control enforcer re-initialization.
Bug: 186588474
Test: HCE test in CtsVerifier
Change-Id: I6e6dd8c05622ff67f6b75a8a93d0db0d35bc7056
(cherry picked from commit 8ca26b9e6c7381ac51c3bfe4d774b5d61b1b30c3)
|
|
Return when SE is not connected
Bug: 185198557
Test: manual
Change-Id: I0c90862585f311bc6695235e316023aeceb9df7a
(cherry picked from commit cba6328078700b0d3adc92c8a95da9337718597a)
|
|
It need to break the deadlock between the objects of
Terminal.mLock and Channel to avoid the potentially ANR issue
Bug: 158132553
Test: OMAPI works normal after multi-thread stress tests
Signed-off-by: Maoliang Tang <tangmaoliang@xiaomi.com>
Change-Id: I94676d45cabb65665d9336167d9814dfbca7a5bb
(cherry picked from commit 8c52cf75b958f690457be330c52ba2487186f2d8)
|
|
If there is temporary failures in access rules retrieval, Secure Element
service should handle the re-initialization. NFC transactions usually
need to be completed in short time and should not wait for the access
control enforcer re-initialization.
Bug: 186588474
Test: HCE test in CtsVerifier
Change-Id: I6e6dd8c05622ff67f6b75a8a93d0db0d35bc7056
|
|
Return when SE is not connected
Bug: 185198557
Test: manual
Change-Id: I0c90862585f311bc6695235e316023aeceb9df7a
|
|
As part of statsd becoming a Mainline module in R, autogenerated
StatsLog.write() calls are going away and replaced by *StatsLog.java
that is autogenerated for each module.
This CL adds autogenerated SecureElementStatsLog and replaces usages
of StatsLog with SecureElementStatsLog.
|
|
Warnings fixed: FORWARD_NULL
Checked for null before accessing method on mSEHal11.
|
|
Sync internal branch code refactor to aosp.
|
|
1. Ensure the concurrent access to mChannels in Terminal.java
is protected by the same lock instance
2. Move the remove operation of mSessions into synchronized block
in method of Terminal.removeSession
3. Add synchronous block protection to mChannels.add operation in
SecureElementService.java
|
|
It need to break the deadlock between the objects of
Terminal.mLock and Channel to avoid the potentially ANR issue
|
|
Do not directly provide privilege access to carrier privilege apps to
select ISD-R aid. Fallback to GP rules checking.
|
|
Do not return null directly when application try to openLogicalChannel
with null aid.
Check if it is privilege application first.
|
|
Listen to CARRIER_CONFIG_CHANGED and reinitialize UICC terminals.
|
|
|
|
Throw exception in setUpChannelAccess if this is not a privilege app.
|
|
When setup channel access for UICC terminal, carrier privileges checking
add unnecessary rules loading.
|
|
|
|
Listen to CARRIER_CONFIG_CHANGED and reinitialize UICC terminals.
Bug: 152008670
Test: adb shell dumpsys secure_element
Merged-In: I8bb13b43de6f17f0b5b82440708d90bf684ca7ec
Change-Id: I8bb13b43de6f17f0b5b82440708d90bf684ca7ec
|
|
|
|
Do not directly provide privilege access to carrier privilege apps to
select ISD-R aid. Fallback to GP rules checking.
Bug: 157968163
Test: select ISD-R aid is not directly allowed for carrier privilege
apps
Merged-In: Id7dd6e3afcb88d97b7c62e8710ef16fbc35010f3
Change-Id: Id7dd6e3afcb88d97b7c62e8710ef16fbc35010f3
|
|
Do not return null directly when application try to openLogicalChannel
with null aid.
Check if it is privilege application first.
Bug: 157349625
Test: openLogicalChannel with null aid
Merged-In: Icf7ee2b299154874f1bdd4b5b409c7df04eb831b
Change-Id: Icf7ee2b299154874f1bdd4b5b409c7df04eb831b
|
|
HAL_ESE_IOCTL_OMAPI_RELEASE_ESE_SESSION
|
|
Test: manual
Bug: 142495673
Change-Id: I1338a2a11cc60fa50b1c8dd8e75022af9ea1b0a1
|
|
Allow privilege app access to open channel even if
AccessControlEnforcer is not available.
Throw exception only for non privileged access.
Bug: 149632580
Test: OpenBasicChannel from Privileged/Non privileged app
Change-Id: Ie188d397f6bf641923d010ad3a9d00d21bc9351b
|
|
When application try to stress OMAPI by continuously open/close channels
with multi-thread, there is possibility channel management is incorrect
and result to no response.
Bug: 148892905
Test: OMAPI works normal after multi-thread stress tests
Change-Id: I530015ff20ed143a129024d6385fae9392a00a99
|
|
When applications with privilege permission or carrier privilege, allow
basic channel access and select operation in an opened channel.
Bug: 139701995
Test: build pass
Change-Id: I823202b9eadf012cfdf89bde5678c01bc8f77314
|
|
Support Carrier Privilege rules.
Bug: 139701995
Test: Check carrier privilege rules could be parsed correctly
Change-Id: I2838d335f9993eb7e50323773ed52579f53766a3
|
|
Provide access to eSE when system application granted privilege
permission.
Bug: 141963658
Test: Manual
Change-Id: I5f00ee71c4d42ea612abeeeb637248337af3c1f6
|
|
1. Try to retrieve ARs from a configurable list of AIDs.
If all AIDs are not accessible, then try default AID.
2. Add PKG_REF_DO/PERM_AR_DO for AR parsing.
Bug:139078767
Test: Access rules could be retrieved from different AIDs.
|
|
transmit method can handle 6CXX or 61XX once, and then call transmitInternal method.
transmitInternal method cannot handle 6CXX or 61XX.
After process 6CXX, call transmit method again to handle 61XX.
Bug: 141838332
Test: CTS OmapiTest
Change-Id: I4e7ff90953d7a5374b012f55c25f29a73adb586b
|
|
According to GP spec chap 4, access permission should be ALLOWED when ARA-M is not accessible on the eSE.
But on converged chip which is used by both eSIM/Felica, there is security concern when deleting ARA-M on this chip.
Set ChannelAccess as DENIED before long-term solution complete.
Bug: 140902609
Bug: 141203396
Test: Check ChannelAccess is DENIED after deleting ARA-M
Change-Id: Ic0eee4f4b214eae8f1a94b1b0c3b9621502deff5
|
|
If the access rules are of different types (i.e. NFC permission, APDU
permission), both rules are combined and thus both rules apply. That is
the policy of the rules combination process described in the clause
3.4.1 of GP SEAC specification. Interpretation of missing APDU access
rule attribute shall be done after all combination process is finished.
Bug: 129524272
Test: Confirmed no error with GP SEAC Test Plan v1.0.6 and SEAC CTS TCs
Change-Id: I32932b00d0cd4b8df31fb2194b8dd8766f0dd44f
|
|
If the access rules are of different types (i.e. NFC permission, APDU
permission), both rules are combined and thus both rules apply. That is
the policy of the rules combination process described in the clause
3.4.1 of GP SEAC specification. Interpretation of missing NFC access
rule attribute shall be done after all combination process is finished.
Bug: 129524272
Test: Confirmed no error with GP SEAC Test Plan v1.0.6 and SEAC CTS TCs
Change-Id: Iea06a4496b7a09a21c10700781f8bf988405592f
|
|
ChannelAccess.setAccess() shall not be called with DENIED until the
interpretation of the access rules retrieved from ARA is finished, if
'NEVER' is not explicitly specified in APDU-AR-DO.
Bug: 129509913
Test: Confirmed no error with GP SEAC Test Plan v1.0.6 and SEAC CTS TCs
Change-Id: I0f20baf544f95f7c584ad4c6d752a8d43d8cc195
|
|
Terminals are loaded in the onCreate, which has a
limited amount of time to do work without ANRing.
For DSDS, its possible that although a SIM2
ese exists in a manifest, the HAL won't be loaded
if DSDS is inactive on the device.
Don't allow retries when trying to fetch terminals
after index 1, in case they don't actually exist.
Bug: 139010988
Change-Id: I250cfed507a2805abba21e2c8ebfb025431cfb0d
|
|
|
|
Bug: 154094471
Test: check carrier privilege
Merged-In: Id1a3fdb669c8e85aafcdb9623ec30b098f6c36c2
Change-Id: Id1a3fdb669c8e85aafcdb9623ec30b098f6c36c2
|
|
Throw exception in setUpChannelAccess if this is not a privilege app.
Bug: 153934978
Test: atest CtsOmapiTestCases
Merged-In: Id39bcad679e856370b985bb77ca77aaadc84c7a0
Change-Id: Id39bcad679e856370b985bb77ca77aaadc84c7a0
|
|
When setup channel access for UICC terminal, carrier privileges checking
add unnecessary rules loading.
Bug: 152060727
Bug: 153832909
Test: atest CtsOmapiTestCases
Merged-In: Ia3230a7f0165b9233196a698d9bfd0e243fa0db6
Change-Id: Ia3230a7f0165b9233196a698d9bfd0e243fa0db6
|
|
Bug: 152817207
Test: mFullAccess could be modified in debug build by property
Merged-In: I0fe3abda539d504bcf2ff314fc4bc5fa7419f614
Change-Id: I0fe3abda539d504bcf2ff314fc4bc5fa7419f614
|
|
Allow privilege app access to open channel even if
AccessControlEnforcer is not available.
Throw exception only for non privileged access.
Bug: 149632580
Test: OpenBasicChannel from Privileged/Non privileged app
Merged-In: Ie188d397f6bf641923d010ad3a9d00d21bc9351b
Change-Id: Ie188d397f6bf641923d010ad3a9d00d21bc9351b
|
|
Change SECURE_ELEMENT_PRIVILEGED to SECURE_ELEMENT_PRIVILEGED_OPERATION.
Bug: 150877612
Test: build pass
Merged-In: I5c0d557f9ac43b64f2113de6c4a46f92e99b7c27
Change-Id: I5c0d557f9ac43b64f2113de6c4a46f92e99b7c27
|
|
am: 235b4688ef
Change-Id: Id9083df806b6cceaf0f339bf998971bb90afd42c
|
|
When application try to stress OMAPI by continuously open/close channels
with multi-thread, there is possibility channel management is incorrect
and result to no response.
Bug: 148892905
Test: OMAPI works normal after multi-thread stress tests
Change-Id: I530015ff20ed143a129024d6385fae9392a00a99
|
|
|
|
As part of statsd becoming a Mainline module in R, autogenerated
StatsLog.write() calls are going away and replaced by *StatsLog.java
that is autogenerated for each module.
This CL adds autogenerated SecureElementStatsLog and replaces usages
of StatsLog with SecureElementStatsLog.
Bug: 145952197
Test: m SecureElement
Change-Id: Ided6c27ba2be86152949dcbf430bcc3140a62b58
|
|
|
|
Test: manual
Bug: 142495673
Change-Id: I1338a2a11cc60fa50b1c8dd8e75022af9ea1b0a1
|
