diff options
author | Christophe Ricard <christophe.ricard@gmail.com> | 2016-03-06 22:55:21 +0100 |
---|---|---|
committer | Samuel Ortiz <sameo@linux.intel.com> | 2016-03-13 23:09:42 +0100 |
commit | 36ce8f5e89d1345c6a735d05213b019fa498bec0 (patch) | |
tree | cf212248d44b091ffc31d78aca2c87a54cb4f768 | |
parent | f69211f2168bcb091eac8ec0ead2ab77670b222a (diff) | |
download | neard-36ce8f5e89d1345c6a735d05213b019fa498bec0.tar.gz |
se: Return true if ARA-M is not accessible on a non uicc SE
According to GP specification, an eSE should be accessible
when the ARA-M is not accessible.
-rw-r--r-- | se/ace.c | 17 | ||||
-rw-r--r-- | se/se.c | 5 | ||||
-rw-r--r-- | se/seel.h | 1 |
3 files changed, 22 insertions, 1 deletions
@@ -826,9 +826,24 @@ bool __seel_ace_apdu_allowed(struct seel_channel *channel, uint8_t *hash, if (!ace->rules) return false; + /* Ref. GP SE Access Control specification, Chapter 4: Device Interface + * If the secure element is a uicc, a device application can access an SE + * application in all of the following case: + * - The ARA-M is accessible and provides a rule which explicitly allows the + * access. + * - The ARA-M is not accessible but the ARF contains a rule which allows the + * access. + * + * If the secure element is not a uicc, a device application can access an SE + * application in all of the following case: + * - The ARA-M is not accessible on the SE (e.g not installed, not selectable, + * or locked). + * - The ARA-M is accessible and provides a rule which explicitly allows the + * access. + */ aid = __seel_channel_get_aid(channel, &aid_len); if (!aid) - return false; + return __seel_se_get_type(se) != SEEL_SE_UICC; /* a) Try to find a specific rule */ rule = find_specific_rule(ace, aid, aid_len, hash); @@ -276,6 +276,11 @@ const char *__seel_se_get_path(struct seel_se *se) return se->path; } +uint8_t __seel_se_get_type(struct seel_se *se) +{ + return se->se_type; +} + const GSList *__seel_se_get_hashes(struct seel_se *se, const char *owner) { pid_t pid; @@ -42,6 +42,7 @@ struct seel_cert_driver *__seel_driver_cert_get(void); struct seel_se *__seel_se_get(uint32_t se_idx, uint8_t ctrl_idx, uint8_t ctrl_type); const char *__seel_se_get_path(struct seel_se *se); +uint8_t __seel_se_get_type(struct seel_se *se); const GSList *__seel_se_get_hashes(struct seel_se *se, const char *owner); int __seel_se_queue_io(struct seel_se *se, struct seel_apdu *apdu, transceive_cb_t cb, void *context); |