1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 /*
17  * Copyright (c) 2017, The Linux Foundation.
18  */
19 
20 /*
21  * Copyright 2012 Giesecke & Devrient GmbH.
22  *
23  * Licensed under the Apache License, Version 2.0 (the "License");
24  * you may not use this file except in compliance with the License.
25  * You may obtain a copy of the License at
26  *
27  *      http://www.apache.org/licenses/LICENSE-2.0
28  *
29  * Unless required by applicable law or agreed to in writing, software
30  * distributed under the License is distributed on an "AS IS" BASIS,
31  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
32  * See the License for the specific language governing permissions and
33  * limitations under the License.
34  */
35 
36 package com.android.se.security;
37 
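/**
 * Stores the access decision for one channel: general access, APDU access, NFC event access,
 * privilege access and an optional list of APDU filters, together with the package name and PID
 * the decision was made for.
 *
 * <p>A new instance starts with every {@link ACCESS} field set to {@link ACCESS#UNDEFINED}, no
 * APDU filter, and the reason {@code "no access by default"}.
 *
 * <p>The class is a plain mutable holder. It performs no validation of the values it is given and
 * no synchronization; the package name and PID are stored exactly as passed in.
 * NOTE(review): a PID alone can be reused by the OS, so confirm that callers establish the
 * caller's identity by other means before populating this object.
 */
public class ChannelAccess {

    // Log tag; not referenced inside this class.
    private static final String TAG = "SecureElement-ChannelAccess";

    private String mPackageName = "";
    private ACCESS mAccess = ACCESS.UNDEFINED;
    private ACCESS mApduAccess = ACCESS.UNDEFINED;
    private boolean mUseApduFilter = false;
    private int mCallingPid = 0;
    private String mReason = "no access by default";
    private ACCESS mNFCEventAccess = ACCESS.UNDEFINED;
    private ApduFilter[] mApduFilter = null;
    private ACCESS mPrivilegeAccess = ACCESS.UNDEFINED;

    /**
     * Creates a copy of this object with its own array of cloned APDU filters.
     *
     * <p>Copied: access and reason, package name, APDU access, calling PID, NFC event access, the
     * use-APDU-filter flag and the APDU filters. Null entries in the filter array are carried
     * over as null instead of raising a {@link NullPointerException}.
     *
     * <p>Not copied: the privilege access. The returned object always reports
     * {@link ACCESS#UNDEFINED} from {@link #getPrivilegeAccess()}, even when this object holds
     * {@link ACCESS#ALLOWED} or {@link ACCESS#DENIED}.
     *
     * @return a new {@code ChannelAccess}; never this instance
     */
    @Override
    public ChannelAccess clone() {
        ChannelAccess ca = new ChannelAccess();
        ca.setAccess(mAccess, mReason);
        ca.setPackageName(mPackageName);
        ca.setApduAccess(mApduAccess);
        ca.setCallingPid(mCallingPid);
        ca.setNFCEventAccess(mNFCEventAccess);
        ca.setUseApduFilter(mUseApduFilter);
        // NOTE(review): mPrivilegeAccess is deliberately left untouched here to keep the existing
        // behavior. Confirm whether dropping it on clone is intended before adding
        // ca.setPrivilegeAccess(mPrivilegeAccess): copying it would let a privileged decision
        // travel with every clone, which is an authorization change, not a cosmetic one.
        if (mApduFilter != null) {
            ApduFilter[] copy = new ApduFilter[mApduFilter.length];
            for (int i = 0; i < mApduFilter.length; i++) {
                ApduFilter filter = mApduFilter[i];
                copy[i] = (filter == null) ? null : filter.clone();
            }
            ca.setApduFilter(copy);
        }
        // When mApduFilter is null the fresh instance already holds a null filter.
        return ca;
    }

    /** Returns the package name stored for this decision. */
    public String getPackageName() {
        return mPackageName;
    }

    /** Stores the package name as given; no validation is done here. */
    public void setPackageName(String name) {
        mPackageName = name;
    }

    /** Returns the APDU access decision. */
    public ACCESS getApduAccess() {
        return mApduAccess;
    }

    /** Sets the APDU access decision. */
    public void setApduAccess(ACCESS apduAccess) {
        mApduAccess = apduAccess;
    }

    /** Returns the general access decision. */
    public ACCESS getAccess() {
        return mAccess;
    }

    /**
     * Sets the general access decision together with the reason for it.
     *
     * @param access the new access decision
     * @param reason text explaining the decision; returned by {@link #getReason()}
     */
    public void setAccess(ACCESS access, String reason) {
        mAccess = access;
        mReason = reason;
    }

    /** Returns whether the APDU filter list is to be used. */
    public boolean isUseApduFilter() {
        return mUseApduFilter;
    }

    /** Sets whether the APDU filter list is to be used. */
    public void setUseApduFilter(boolean useApduFilter) {
        mUseApduFilter = useApduFilter;
    }

    /** Returns the PID stored for this decision. */
    public int getCallingPid() {
        return mCallingPid;
    }

    /** Stores the calling PID as given; no validation is done here. */
    public void setCallingPid(int callingPid) {
        mCallingPid = callingPid;
    }

    /** Returns the reason recorded with the general access decision. */
    public String getReason() {
        return mReason;
    }

    /**
     * Returns the APDU filter array, or null when none is set.
     *
     * <p>The internal array itself is returned, not a copy: a caller that writes to it changes
     * the filters held by this object. Use {@link #clone()} to obtain independent filters.
     */
    public ApduFilter[] getApduFilter() {
        return mApduFilter;
    }

    /**
     * Sets the APDU filter array; null clears it.
     *
     * <p>The array is stored by reference, so later writes to it by the caller are visible here.
     */
    public void setApduFilter(ApduFilter[] accessConditions) {
        mApduFilter = accessConditions;
    }

    /** Returns the NFC event access decision. */
    public ACCESS getNFCEventAccess() {
        return mNFCEventAccess;
    }

    /** Sets the NFC event access decision. */
    public void setNFCEventAccess(ACCESS access) {
        mNFCEventAccess = access;
    }

    /**
     * Builds a fully permissive {@code ChannelAccess} for a privileged application: general,
     * APDU, NFC event and privilege access are all {@link ACCESS#ALLOWED}, with the reason
     * {@code "privilege application"}. No APDU filter is set.
     *
     * <p>This method grants access unconditionally; deciding that the caller is privileged is
     * entirely the responsibility of the code that calls it.
     *
     * @param packageName package name to record
     * @param pid PID to record
     * @return the new instance
     */
    public static ChannelAccess getPrivilegeAccess(String packageName, int pid) {
        ChannelAccess ca = new ChannelAccess();
        ca.setPackageName(packageName);
        ca.setCallingPid(pid);
        ca.setAccess(ACCESS.ALLOWED, "privilege application");
        ca.setApduAccess(ACCESS.ALLOWED);
        ca.setNFCEventAccess(ACCESS.ALLOWED);
        ca.setPrivilegeAccess(ACCESS.ALLOWED);

        return ca;
    }

    /**
     * Builds a {@code ChannelAccess} for a carrier-privileged application: general, APDU and
     * privilege access are {@link ACCESS#ALLOWED}, with the reason {@code "Carrier-Privilege"}.
     *
     * <p>Unlike {@link #getPrivilegeAccess(String, int)}, NFC event access is not granted and
     * stays {@link ACCESS#UNDEFINED}. As there, the caller must already have established that
     * the application holds the privilege.
     *
     * @param packageName package name to record
     * @param pid PID to record
     * @return the new instance
     */
    public static ChannelAccess getCarrierPrivilegeAccess(String packageName, int pid) {
        ChannelAccess ca = new ChannelAccess();
        ca.setPackageName(packageName);
        ca.setCallingPid(pid);
        ca.setAccess(ACCESS.ALLOWED, "Carrier-Privilege");
        ca.setApduAccess(ACCESS.ALLOWED);
        ca.setPrivilegeAccess(ACCESS.ALLOWED);

        return ca;
    }

    /** Returns the privilege access decision. */
    public ACCESS getPrivilegeAccess() {
        return mPrivilegeAccess;
    }

    /** Sets the privilege access decision. */
    public void setPrivilegeAccess(ACCESS access) {
        mPrivilegeAccess = access;
    }

    /**
     * Turns this instance into a carrier-privileged decision in place: records the package name
     * and PID, sets general, APDU and privilege access to {@link ACCESS#ALLOWED} and the reason
     * to {@code "Carrier-Privilege"}.
     *
     * <p>The NFC event access, the use-APDU-filter flag and the APDU filter array keep whatever
     * values they had before the call.
     *
     * @param packageName package name to record
     * @param pid PID to record
     */
    public void setCarrierPrivilegeAccess(String packageName, int pid) {
        mPackageName = packageName;
        mCallingPid = pid;
        mAccess = ACCESS.ALLOWED;
        mApduAccess = ACCESS.ALLOWED;
        mPrivilegeAccess = ACCESS.ALLOWED;
        mReason = "Carrier-Privilege";
    }

    /**
     * Returns a multi-line dump of every field, including the package name, PID and each APDU
     * filter. A null entry in the filter array is printed as {@code null} rather than causing a
     * {@link NullPointerException}.
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(this.getClass().getName());
        sb.append("\n [mPackageName=").append(mPackageName);
        sb.append(", mAccess=").append(mAccess);
        sb.append(", mApduAccess=").append(mApduAccess);
        sb.append(", mUseApduFilter=").append(mUseApduFilter);
        sb.append(", mApduFilter=");
        if (mApduFilter != null) {
            for (ApduFilter f : mApduFilter) {
                // append(Object) goes through String.valueOf, so a null entry is safe.
                sb.append(f).append(" ");
            }
        } else {
            sb.append("null");
        }
        sb.append(", mCallingPid=").append(mCallingPid);
        sb.append(", mReason=").append(mReason);
        // The label says "Allowed" but the value printed is the ACCESS enum constant.
        sb.append(", mNFCEventAllowed=").append(mNFCEventAccess);
        sb.append(", mPrivilegeAccess=").append(mPrivilegeAccess);
        sb.append("]\n");

        return sb.toString();
    }

    /** Possible outcomes of an access decision. */
    public enum ACCESS {
        ALLOWED,
        DENIED,
        UNDEFINED;
    }
}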