49 lines
2.4 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alisher Alikhodjaev <alisher@google.com>
Date: Thu, 1 Jun 2023 13:44:28 -0700
Subject: [PATCH] Ensure that SecureNFC setting cannot be bypassed
Bug: 268038643
Test: ctsverifier
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d6d8f79fd8d605b3cb460895a8e3a11bcf0c22b0)
Merged-In: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
Change-Id: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
---
src/com/android/nfc/NfcService.java | 6 ++++++
src/com/android/nfc/cardemulation/HostEmulationManager.java | 5 +++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/com/android/nfc/NfcService.java b/src/com/android/nfc/NfcService.java
index 46a5d88e..0e02cd03 100644
--- a/src/com/android/nfc/NfcService.java
+++ b/src/com/android/nfc/NfcService.java
@@ -851,6 +851,12 @@ public class NfcService implements DeviceHostListener {
}
}
+ public boolean isSecureNfcEnabled() {
+ synchronized (NfcService.this) {
+ return mIsSecureNfcEnabled;
+ }
+ }
+
final class NfcAdapterService extends INfcAdapter.Stub {
/**
* An interface for vendor specific extensions
diff --git a/src/com/android/nfc/cardemulation/HostEmulationManager.java b/src/com/android/nfc/cardemulation/HostEmulationManager.java
index df701f2f..a45c5f50 100644
--- a/src/com/android/nfc/cardemulation/HostEmulationManager.java
+++ b/src/com/android/nfc/cardemulation/HostEmulationManager.java
@@ -175,8 +175,9 @@ public class HostEmulationManager {
// Resolve to default
// Check if resolvedService requires unlock
ApduServiceInfo defaultServiceInfo = resolveInfo.defaultService;
- if (defaultServiceInfo.requiresUnlock() &&
- mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
+ if ((defaultServiceInfo.requiresUnlock()
+ || NfcService.getInstance().isSecureNfcEnabled())
+ && mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
// Just ignore all future APDUs until next tap
mState = STATE_W4_DEACTIVATE;
launchTapAgain(resolveInfo.defaultService, resolveInfo.category);