Close used logical channel before opening the next one
In order to avoid leakage of logical channels, opened logical channel
must be closed before the next one is opened. It was not good to use the
same local variable 'channel' to handle multiple logical channels opened
for multiple readers. For example, before setting new logical channel
instance for the next reader "SIM2" to 'channel', channel.close() must
be called to close the logical channel for the current reader "SIM1".
This change fixes the logical channel leakage issue that can happen in
multiple SE situation.
Bug: 112671965
Test: TCs pass with SIM card which does not support extended channels.
Change-Id: Ia6bf0cb07b7fcab65c9210a14cd6cf8e97afc260
(cherry picked from commit cd0d1b2b9f46a0bfc1c97c5413c2119f940441fe)
diff --git a/tests/tests/secure_element/access_control/AccessControlApp1/src/android/omapi/accesscontrol1/cts/AccessControlTest.java b/tests/tests/secure_element/access_control/AccessControlApp1/src/android/omapi/accesscontrol1/cts/AccessControlTest.java
index 22b8432..45dd3f0 100644
--- a/tests/tests/secure_element/access_control/AccessControlApp1/src/android/omapi/accesscontrol1/cts/AccessControlTest.java
+++ b/tests/tests/secure_element/access_control/AccessControlApp1/src/android/omapi/accesscontrol1/cts/AccessControlTest.java
@@ -18,6 +18,7 @@
package android.omapi.accesscontrol1.cts;
+import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.*;
import static org.junit.Assume.assumeTrue;
@@ -239,121 +240,121 @@
}
private void testSelectableAid(byte[] aid) {
- Session session = null;
- Channel channel = null;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte) 0x00);
- assertNotNull("Null Channel", channel);
- byte[] selectResponse = channel.getSelectResponse();
- assertNotNull("Null Select Response", selectResponse);
- assertEquals(selectResponse[selectResponse.length - 1] & 0xFF, 0x00);
- assertEquals(selectResponse[selectResponse.length - 2] & 0xFF, 0x90);
- assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ assertNotNull("Null Channel", channel);
+ byte[] selectResponse = channel.getSelectResponse();
+ assertNotNull("Null Select Response", selectResponse);
+ assertThat(selectResponse[selectResponse.length - 1] & 0xFF, is(0x00));
+ assertThat(selectResponse[selectResponse.length - 2] & 0xFF, is(0x90));
+ assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
} catch (Exception e) {
fail("Unexpected Exception " + e);
- } finally{
- if (channel != null)
- channel.close();
- if (session != null)
- session.close();
}
}
private void testUnauthorisedAid(byte[] aid) {
- Session session = null;
- Channel channel = null;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
-
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte) 0x00);
- fail("SecurityException Expected ");
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ try {
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ fail("SecurityException Expected");
+ } catch (SecurityException e) {
+ // Expected
+ }
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
- } catch(SecurityException ex){ }
- catch (Exception e) {
+ } catch (Exception e) {
fail("Unexpected Exception " + e);
}
- if (channel != null)
- channel.close();
- if (session != null)
- session.close();
}
private void testTransmitAPDU(byte[] aid, byte[] apdu) {
- Session session = null;
- Channel channel = null;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
-
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte) 0x00);
- assertNotNull("Null Channel", channel);
- byte[] selectResponse = channel.getSelectResponse();
- assertNotNull("Null Select Response", selectResponse);
- assertEquals(selectResponse[selectResponse.length - 1] & 0xFF, 0x00);
- assertEquals(selectResponse[selectResponse.length - 2] & 0xFF, 0x90);
- assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
- byte[] apduResponse = channel.transmit(apdu);
- assertNotNull("Null Channel", apduResponse);
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ assertNotNull("Null Channel", channel);
+ byte[] selectResponse = channel.getSelectResponse();
+ assertNotNull("Null Select Response", selectResponse);
+ assertThat(selectResponse[selectResponse.length - 1] & 0xFF, is(0x00));
+ assertThat(selectResponse[selectResponse.length - 2] & 0xFF, is(0x90));
+ assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ byte[] apduResponse = channel.transmit(apdu);
+ assertNotNull("Null Channel", apduResponse);
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
} catch (Exception e) {
fail("Unexpected Exception " + e);
}
- if (channel != null)
- channel.close();
- if (session != null)
- session.close();
}
private void testUnauthorisedAPDU(byte[] aid, byte[] apdu) {
- Session session = null;
- Channel channel = null;
- boolean exceptionOnTransmit = false;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
-
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte) 0x00);
- assertNotNull("Null Channel", channel);
- byte[] selectResponse = channel.getSelectResponse();
- assertNotNull("Null Select Response", selectResponse);
- assertEquals(selectResponse[selectResponse.length - 1] & 0xFF, 0x00);
- assertEquals(selectResponse[selectResponse.length - 2] & 0xFF, 0x90);
- assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
- exceptionOnTransmit = true;
- channel.transmit(apdu);
- fail("Security Exception is expected");
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ assertNotNull("Null Channel", channel);
+ byte[] selectResponse = channel.getSelectResponse();
+ assertNotNull("Null Select Response", selectResponse);
+ assertThat(selectResponse[selectResponse.length - 1] & 0xFF, is(0x00));
+ assertThat(selectResponse[selectResponse.length - 2] & 0xFF, is(0x90));
+ assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ try {
+ channel.transmit(apdu);
+ fail("Security Exception is expected");
+ } catch (SecurityException e) {
+ // Expected
+ }
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
- } catch (SecurityException ex) {
- if (!exceptionOnTransmit) {
- fail("Unexpected SecurityException onSelect" + ex);
- }
} catch (Exception e) {
- fail("Unexpected Exception " + e);
- } finally {
- if(channel != null)
- channel.close();
- if (session != null)
- session.close();
+ fail("Unexpected Exception " + e);
}
}
diff --git a/tests/tests/secure_element/access_control/AccessControlApp2/src/android/omapi/accesscontrol2/cts/AccessControlTest.java b/tests/tests/secure_element/access_control/AccessControlApp2/src/android/omapi/accesscontrol2/cts/AccessControlTest.java
index 3adc1c9..4a7b7e6 100644
--- a/tests/tests/secure_element/access_control/AccessControlApp2/src/android/omapi/accesscontrol2/cts/AccessControlTest.java
+++ b/tests/tests/secure_element/access_control/AccessControlApp2/src/android/omapi/accesscontrol2/cts/AccessControlTest.java
@@ -18,6 +18,7 @@
package android.omapi.accesscontrol2.cts;
+import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.*;
import static org.junit.Assume.assumeTrue;
@@ -238,121 +239,121 @@
}
private void testSelectableAid(byte[] aid) {
- Session session = null;
- Channel channel = null;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte) 0x00);
- assertNotNull("Null Channel", channel);
- byte[] selectResponse = channel.getSelectResponse();
- assertNotNull("Null Select Response", selectResponse);
- assertEquals(selectResponse[selectResponse.length - 1] & 0xFF, 0x00);
- assertEquals(selectResponse[selectResponse.length - 2] & 0xFF, 0x90);
- assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ assertNotNull("Null Channel", channel);
+ byte[] selectResponse = channel.getSelectResponse();
+ assertNotNull("Null Select Response", selectResponse);
+ assertThat(selectResponse[selectResponse.length - 1] & 0xFF, is(0x00));
+ assertThat(selectResponse[selectResponse.length - 2] & 0xFF, is(0x90));
+ assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
} catch (Exception e) {
fail("Unexpected Exception " + e);
- } finally{
- if (channel != null)
- channel.close();
- if (session != null)
- session.close();
}
}
private void testUnauthorisedAid(byte[] aid) {
- Session session = null;
- Channel channel = null;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
-
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte)0x00);
- fail("SecurityException Expected ");
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ try {
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ fail("SecurityException Expected");
+ } catch (SecurityException e) {
+ // Expected
+ }
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
- } catch(SecurityException ex){ }
- catch (Exception e) {
+ } catch (Exception e) {
fail("Unexpected Exception " + e);
}
- if (channel != null)
- channel.close();
- if (session != null)
- session.close();
}
private void testTransmitAPDU(byte[] aid, byte[] apdu) {
- Session session = null;
- Channel channel = null;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
-
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte)0x00);
- assertNotNull("Null Channel", channel);
- byte[] selectResponse = channel.getSelectResponse();
- assertNotNull("Null Select Response", selectResponse);
- assertEquals(selectResponse[selectResponse.length - 1] & 0xFF, 0x00);
- assertEquals(selectResponse[selectResponse.length - 2] & 0xFF, 0x90);
- assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
- byte[] apduResponse = channel.transmit(apdu);
- assertNotNull("Null Channel", apduResponse);
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ assertNotNull("Null Channel", channel);
+ byte[] selectResponse = channel.getSelectResponse();
+ assertNotNull("Null Select Response", selectResponse);
+ assertThat(selectResponse[selectResponse.length - 1] & 0xFF, is(0x00));
+ assertThat(selectResponse[selectResponse.length - 2] & 0xFF, is(0x90));
+ assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ byte[] apduResponse = channel.transmit(apdu);
+ assertNotNull("Null Channel", apduResponse);
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
} catch (Exception e) {
fail("Unexpected Exception " + e);
}
- if (channel != null)
- channel.close();
- if (session != null)
- session.close();
}
private void testUnauthorisedAPDU(byte[] aid, byte[] apdu) {
- Session session = null;
- Channel channel = null;
- boolean exceptionOnTransmit = false;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
-
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte) 0x00);
- assertNotNull("Null Channel", channel);
- byte[] selectResponse = channel.getSelectResponse();
- assertNotNull("Null Select Response", selectResponse);
- assertEquals(selectResponse[selectResponse.length - 1] & 0xFF, 0x00);
- assertEquals(selectResponse[selectResponse.length - 2] & 0xFF, 0x90);
- assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
- exceptionOnTransmit = true;
- channel.transmit(apdu);
- fail("Security Exception is expected");
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ assertNotNull("Null Channel", channel);
+ byte[] selectResponse = channel.getSelectResponse();
+ assertNotNull("Null Select Response", selectResponse);
+ assertThat(selectResponse[selectResponse.length - 1] & 0xFF, is(0x00));
+ assertThat(selectResponse[selectResponse.length - 2] & 0xFF, is(0x90));
+ assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ try {
+ channel.transmit(apdu);
+ fail("Security Exception is expected");
+ } catch (SecurityException e) {
+ // Expected
+ }
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
- } catch (SecurityException ex) {
- if (!exceptionOnTransmit) {
- fail("Unexpected SecurityException onSelect" + ex);
- }
} catch (Exception e) {
- fail("Unexpected Exception " + e);
- } finally {
- if(channel != null)
- channel.close();
- if (session != null)
- session.close();
+ fail("Unexpected Exception " + e);
}
}
diff --git a/tests/tests/secure_element/access_control/AccessControlApp3/src/android/omapi/accesscontrol3/cts/AccessControlTest.java b/tests/tests/secure_element/access_control/AccessControlApp3/src/android/omapi/accesscontrol3/cts/AccessControlTest.java
index 7071628..3a8971c 100644
--- a/tests/tests/secure_element/access_control/AccessControlApp3/src/android/omapi/accesscontrol3/cts/AccessControlTest.java
+++ b/tests/tests/secure_element/access_control/AccessControlApp3/src/android/omapi/accesscontrol3/cts/AccessControlTest.java
@@ -18,6 +18,7 @@
package android.omapi.accesscontrol3.cts;
+import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.*;
import static org.junit.Assume.assumeTrue;
@@ -241,121 +242,121 @@
}
private void testSelectableAid(byte[] aid) {
- Session session = null;
- Channel channel = null;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte)0x00);
- assertNotNull("Null Channel", channel);
- byte[] selectResponse = channel.getSelectResponse();
- assertNotNull("Null Select Response", selectResponse);
- assertEquals(selectResponse[selectResponse.length - 1] & 0xFF, 0x00);
- assertEquals(selectResponse[selectResponse.length - 2] & 0xFF, 0x90);
- assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ assertNotNull("Null Channel", channel);
+ byte[] selectResponse = channel.getSelectResponse();
+ assertNotNull("Null Select Response", selectResponse);
+ assertThat(selectResponse[selectResponse.length - 1] & 0xFF, is(0x00));
+ assertThat(selectResponse[selectResponse.length - 2] & 0xFF, is(0x90));
+ assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
} catch (Exception e) {
fail("Unexpected Exception " + e);
- } finally{
- if (channel != null)
- channel.close();
- if (session != null)
- session.close();
}
}
private void testUnauthorisedAid(byte[] aid) {
- Session session = null;
- Channel channel = null;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
-
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte)0x00);
- fail("SecurityException Expected ");
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ try {
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ fail("SecurityException Expected");
+ } catch (SecurityException e) {
+ // Expected
+ }
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
- } catch(SecurityException ex){ }
- catch (Exception e) {
+ } catch (Exception e) {
fail("Unexpected Exception " + e);
}
- if (channel != null)
- channel.close();
- if (session != null)
- session.close();
}
private void testTransmitAPDU(byte[] aid, byte[] apdu) {
- Session session = null;
- Channel channel = null;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
-
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte)0x00);
- assertNotNull("Null Channel", channel);
- byte[] selectResponse = channel.getSelectResponse();
- assertNotNull("Null Select Response", selectResponse);
- assertEquals(selectResponse[selectResponse.length - 1] & 0xFF, 0x00);
- assertEquals(selectResponse[selectResponse.length - 2] & 0xFF, 0x90);
- assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
- byte[] apduResponse = channel.transmit(apdu);
- assertNotNull("Null Channel", apduResponse);
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ assertNotNull("Null Channel", channel);
+ byte[] selectResponse = channel.getSelectResponse();
+ assertNotNull("Null Select Response", selectResponse);
+ assertThat(selectResponse[selectResponse.length - 1] & 0xFF, is(0x00));
+ assertThat(selectResponse[selectResponse.length - 2] & 0xFF, is(0x90));
+ assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ byte[] apduResponse = channel.transmit(apdu);
+ assertNotNull("Null Channel", apduResponse);
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
} catch (Exception e) {
fail("Unexpected Exception " + e);
}
- if (channel != null)
- channel.close();
- if (session != null)
- session.close();
}
private void testUnauthorisedAPDU(byte[] aid, byte[] apdu) {
- Session session = null;
- Channel channel = null;
- boolean exceptionOnTransmit = false;
try {
waitForConnection();
Reader[] readers = seService.getReaders();
-
for (Reader reader : readers) {
- assertTrue(reader.isSecureElementPresent());
- session = reader.openSession();
- assertNotNull("Null Session", session);
- channel = session.openLogicalChannel(aid, (byte)0x00);
- assertNotNull("Null Channel", channel);
- byte[] selectResponse = channel.getSelectResponse();
- assertNotNull("Null Select Response", selectResponse);
- assertEquals(selectResponse[selectResponse.length - 1] & 0xFF, 0x00);
- assertEquals(selectResponse[selectResponse.length - 2] & 0xFF, 0x90);
- assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
- exceptionOnTransmit = true;
- channel.transmit(apdu);
- fail("Security Exception is expected");
+ Session session = null;
+ Channel channel = null;
+ try {
+ assertTrue(reader.isSecureElementPresent());
+ session = reader.openSession();
+ assertNotNull("Null Session", session);
+ channel = session.openLogicalChannel(aid, (byte) 0x00);
+ assertNotNull("Null Channel", channel);
+ byte[] selectResponse = channel.getSelectResponse();
+ assertNotNull("Null Select Response", selectResponse);
+ assertThat(selectResponse[selectResponse.length - 1] & 0xFF, is(0x00));
+ assertThat(selectResponse[selectResponse.length - 2] & 0xFF, is(0x90));
+ assertTrue("Select Response is not complete", verifyBerTlvData(selectResponse));
+ try {
+ channel.transmit(apdu);
+ fail("Security Exception is expected");
+ } catch (SecurityException e) {
+ // Expected
+ }
+ } finally {
+ if (channel != null) channel.close();
+ if (session != null) session.close();
+ }
}
- } catch (SecurityException ex) {
- if (!exceptionOnTransmit) {
- fail("Unexpected SecurityException onSelect" + ex);
- }
} catch (Exception e) {
- fail("Unexpected Exception " + e);
- } finally {
- if(channel != null)
- channel.close();
- if (session != null)
- session.close();
+ fail("Unexpected Exception " + e);
}
}
