Snap for 10453563 from 18c6601b16ecfe81c592368f9342ec111c238d65 to mainline-conscrypt-release Change-Id: Ib4dcc57786ad4ca0652b80f96b81255e3b55e9d3

commit: 4c537e452cc8b0fcdc1554285ed40a94ab2dde60 [log] [tgz]
author: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Fri Jul 07 04:54:37 2023 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Fri Jul 07 04:54:37 2023 +0000
tree: 45431ceae30cc769bf3342200d6ee9485fe7df09
parent: 933693eab1e5a0d870e9afb0781e82a0a85e43fa [diff]
parent: 18c6601b16ecfe81c592368f9342ec111c238d65 [diff]
diff --git a/1.0/SecureElement.cpp b/1.0/SecureElement.cpp
index a1bb997..7a71738 100644
--- a/1.0/SecureElement.cpp
+++ b/1.0/SecureElement.cpp

@@ -157,6 +157,13 @@
   memset(&resApduBuff, 0x00, sizeof(resApduBuff));
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(resApduBuff, SecureElementStatus::FAILED);
+    OpenLogicalChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     STLOG_HAL_D("%s: Enter SeInitialized", __func__);
     ESESTATUS status = seHalInit();
@@ -308,6 +315,13 @@
   OpenBasicChannelProcessing = true;
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(result, SecureElementStatus::FAILED);
+    OpenBasicChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     ESESTATUS status = seHalInit();
     if (status != ESESTATUS_SUCCESS) {

diff --git a/1.1/SecureElement.cpp b/1.1/SecureElement.cpp
index ba8c3b2..34b7e30 100644
--- a/1.1/SecureElement.cpp
+++ b/1.1/SecureElement.cpp

@@ -158,6 +158,13 @@
   memset(&resApduBuff, 0x00, sizeof(resApduBuff));
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(resApduBuff, SecureElementStatus::FAILED);
+    OpenLogicalChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     STLOG_HAL_D("%s: Enter SeInitialized", __func__);
     ESESTATUS status = seHalInit();
@@ -297,6 +304,13 @@
   OpenBasicChannelProcessing = true;
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(result, SecureElementStatus::FAILED);
+    OpenBasicChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     ESESTATUS status = seHalInit();
     if (status != ESESTATUS_SUCCESS) {

diff --git a/1.2/SecureElement.cpp b/1.2/SecureElement.cpp
index 0ec90ae..222f41e 100644
--- a/1.2/SecureElement.cpp
+++ b/1.2/SecureElement.cpp

@@ -163,6 +163,13 @@
   memset(&resApduBuff, 0x00, sizeof(resApduBuff));
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(resApduBuff, SecureElementStatus::FAILED);
+    OpenLogicalChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     STLOG_HAL_D("%s: Enter SeInitialized", __func__);
     ESESTATUS status = seHalInit();
@@ -302,6 +309,13 @@
   OpenBasicChannelProcessing = true;
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(result, SecureElementStatus::FAILED);
+    OpenBasicChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     ESESTATUS status = seHalInit();
     if (status != ESESTATUS_SUCCESS) {
@@ -523,6 +537,7 @@
 Return<::android::hardware::secure_element::V1_0::SecureElementStatus>
 SecureElement::reset() {
   int ret = 0;
+  void* stdll = nullptr;
   ESESTATUS status = ESESTATUS_SUCCESS;
   SecureElementStatus sestatus = SecureElementStatus::FAILED;
   std::string valueStr =
@@ -534,8 +549,11 @@
     if (status != ESESTATUS_SUCCESS) {
       STLOG_HAL_E("%s: seHalInit Failed!!!", __func__);
       if (valueStr.length() > 0) {
-        valueStr = VENDOR_LIB_PATH + valueStr + VENDOR_LIB_EXT;
-        void* stdll = dlopen(valueStr.c_str(), RTLD_NOW);
+        stdll = dlopen(valueStr.c_str(), RTLD_NOW);
+        if (!stdll) {
+          valueStr = VENDOR_LIB_PATH + valueStr + VENDOR_LIB_EXT;
+          stdll = dlopen(valueStr.c_str(), RTLD_NOW);
+        }
         if (stdll) {
           STEseReset fn = (STEseReset)dlsym(stdll, "direct_reset");
           if (fn) {

diff --git a/1.2/StEseService.cpp b/1.2/StEseService.cpp
index 7fa8e9f..c6faef3 100644
--- a/1.2/StEseService.cpp
+++ b/1.2/StEseService.cpp

@@ -17,12 +17,16 @@
  *
  ******************************************************************************/
 #define LOG_TAG "ese@1.2-service.st"
+#include <android-base/properties.h>
 #include <android/hardware/secure_element/1.2/ISecureElement.h>
+#include <dlfcn.h>
 #include <hidl/LegacySupport.h>
 #include <log/log.h>
 
 #include "SecureElement.h"
 
+typedef int (*STEsePreProcess)(void);
+
 // Generated HIDL files
 using android::OK;
 using android::sp;
@@ -36,6 +40,22 @@
   ALOGD("Secure Element HAL Service 1.2 is starting.");
   sp<ISecureElement> se_service = new SecureElement();
   configureRpcThreadpool(1, true /*callerWillJoin*/);
+
+  // Ignore this dlopen if you don't need it.
+  std::string valueStr =
+      android::base::GetProperty("persist.vendor.se.stpreprocess", "");
+  void* stdll = dlopen(valueStr.c_str(), RTLD_NOW);
+  if (stdll) {
+    STEsePreProcess fn = (STEsePreProcess)dlsym(stdll, "pre_process");
+    if (fn) {
+      if (fn() == 0) {
+        ALOGD("%s: init done", __func__);
+      } else {
+        ALOGE("%s: Error init ", __func__);
+      }
+    }
+  }
+
   status_t status = se_service->registerAsService("eSE1");
   if (status != OK) {
     LOG_ALWAYS_FATAL(

diff --git a/ese-spi-driver/Android.bp b/ese-spi-driver/Android.bp
index 6503586..118fadb 100644
--- a/ese-spi-driver/Android.bp
+++ b/ese-spi-driver/Android.bp

@@ -7,12 +7,9 @@
     default_applicable_licenses: ["hardware_st_secure_element_license"],
 }
 
-cc_library_shared {
-
-    name: "ese_spi_st",
+cc_defaults {
+    name: "ese_spi_st_defaults",
     defaults: ["hidl_defaults"],
-    proprietary: true,
-
     srcs: [
         "SpiLayerDriver.cc",
         "SpiLayerInterface.cc",
@@ -28,21 +25,32 @@
         "utils-lib/android_logmsg.cc",
         "utils-lib/DataMgmt.cc",
     ],
-
-    export_include_dirs: ["utils-lib"],
     cflags: [
         "-DANDROID",
         "-DBUILDCFG=1",
         "-Wall",
         "-Werror",
     ],
+}
 
-    shared_libs: [
-        "libcutils",
-        "libhardware",
-        "libhidlbase",
-        "libutils",
-        "liblog",
-        "libbase",
-    ],
+ese_spi_st_libs = [
+    "libcutils",
+    "liblog",
+    "libbase",
+]
+
+cc_library_shared {
+    name: "ese_spi_st",
+    defaults: ["ese_spi_st_defaults"],
+    proprietary: true,
+    export_include_dirs: ["utils-lib"],
+    shared_libs: ese_spi_st_libs,
+}
+
+cc_library_static {
+    name: "ese_spi_st_static",
+    defaults: ["ese_spi_st_defaults"],
+    export_include_dirs: [".", "utils-lib"],
+    static_libs: ese_spi_st_libs,
+    whole_static_libs: ["libcutils"],
 }
commit	4c537e452cc8b0fcdc1554285ed40a94ab2dde60	[log] [tgz]
author	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	Fri Jul 07 04:54:37 2023 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	Fri Jul 07 04:54:37 2023 +0000
tree	45431ceae30cc769bf3342200d6ee9485fe7df09
parent	933693eab1e5a0d870e9afb0781e82a0a85e43fa [diff]
parent	18c6601b16ecfe81c592368f9342ec111c238d65 [diff]