Bug 884594 - Part 4: Initial integration with ACE. r=allstars.chh

2024-09-13 09:24:08 -07:00 · 2015-05-07 17:22:00 -04:00 · 2015-05-07 17:22:00 -04:00 · c549fc7f1c
commit c549fc7f1c
parent 0ee876a241
1 changed files with 41 additions and 23 deletions
--- a/dom/secureelement/gonk/SecureElement.js
+++ b/dom/secureelement/gonk/SecureElement.js
@ -199,6 +199,9 @@ function SecureElementManager() {
  this._registerMessageListeners();
  this._registerSEListeners();
  Services.obs.addObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, false);
+  this._acEnforcer =
+    Cc["@mozilla.org/secureelement/access-control/ace;1"]
+    .getService(Ci.nsIAccessControlEnforcer);
 }

 SecureElementManager.prototype = {
@ -219,7 +222,10 @@ SecureElementManager.prototype = {
  // key: secure element type, value: (Boolean) is present/accessible
  _sePresence: {},

+  _acEnforcer: null,
+
  _shutdown: function() {
+    this._acEnforcer = null;
    this.secureelement = null;
    Services.obs.removeObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID);
    this._unregisterMessageListeners();
@ -288,7 +294,6 @@ SecureElementManager.prototype = {
      return;
    }

-    // TODO: Bug 1118098  - Integrate with ACE module
    let connector = getConnector(msg.type);
    if (!connector) {
      debug("No SE connector available");
@ -296,7 +301,14 @@ SecureElementManager.prototype = {
      return;
    }

+    this._acEnforcer.isAccessAllowed(msg.appId, msg.type, msg.aid)
+    .then((allowed) => {
+      if (!allowed) {
+        callback({ error: SE.ERROR_SECURITY });
+        return;
+      }
      connector.openChannel(SEUtils.byteArrayToHexString(msg.aid), {
+
        notifyOpenChannelSuccess: (channelNumber, openResponse) => {
          // Add the new 'channel' to the map upon success
          let channelToken =
@ -320,6 +332,11 @@ SecureElementManager.prototype = {
          callback({ error: SE.ERROR_GENERIC, reason: reason, response: [] });
        }
      });
+    })
+    .catch((error) => {
+      debug("Failed to get info from accessControlEnforcer " + error);
+      callback({ error: SE.ERROR_SECURITY });
+    });
  },

  _handleTransmit: function(msg, callback) {
@ -337,6 +354,7 @@ SecureElementManager.prototype = {
      return;
    }

+    // Bug 1137533 - ACE GPAccessRulesManager APDU filters
    connector.exchangeAPDU(channel.channelNumber, msg.apdu.cla, msg.apdu.ins,
                           msg.apdu.p1, msg.apdu.p2,
                           SEUtils.byteArrayToHexString(msg.apdu.data),