From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Alisher Alikhodjaev Date: Thu, 1 Jun 2023 13:44:28 -0700 Subject: [PATCH] Ensure that SecureNFC setting cannot be bypassed Bug: 268038643 Test: ctsverifier (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d6d8f79fd8d605b3cb460895a8e3a11bcf0c22b0) Merged-In: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f Change-Id: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f --- src/com/android/nfc/NfcService.java | 6 ++++++ src/com/android/nfc/cardemulation/HostEmulationManager.java | 5 +++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/com/android/nfc/NfcService.java b/src/com/android/nfc/NfcService.java index 46a5d88e..0e02cd03 100644 --- a/src/com/android/nfc/NfcService.java +++ b/src/com/android/nfc/NfcService.java @@ -851,6 +851,12 @@ public class NfcService implements DeviceHostListener { } } + public boolean isSecureNfcEnabled() { + synchronized (NfcService.this) { + return mIsSecureNfcEnabled; + } + } + final class NfcAdapterService extends INfcAdapter.Stub { /** * An interface for vendor specific extensions diff --git a/src/com/android/nfc/cardemulation/HostEmulationManager.java b/src/com/android/nfc/cardemulation/HostEmulationManager.java index df701f2f..a45c5f50 100644 --- a/src/com/android/nfc/cardemulation/HostEmulationManager.java +++ b/src/com/android/nfc/cardemulation/HostEmulationManager.java @@ -175,8 +175,9 @@ public class HostEmulationManager { // Resolve to default // Check if resolvedService requires unlock ApduServiceInfo defaultServiceInfo = resolveInfo.defaultService; - if (defaultServiceInfo.requiresUnlock() && - mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) { + if ((defaultServiceInfo.requiresUnlock() + || NfcService.getInstance().isSecureNfcEnabled()) + && mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) { // Just ignore all future APDUs until next tap mState = STATE_W4_DEACTIVATE; launchTapAgain(resolveInfo.defaultService, resolveInfo.category);