frc1983 / seek-for-android

Automatically exported from code.google.com/p/seek-for-android
0 stars 0 forks source link

What kind of return or exception should be thrown when no channel is avialable #23

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.OpenLogicalChannel() to four applets of different AIDs or to an 
multi-selectable applet 4 times
2.When all channels are used, the new request of OpenLogicalChannel() should 
fail.

What is the expected output? What do you see instead?
The expected result should be defined.   An exception should be thrown, or a 
null should be returned.

Original issue reported on code.google.com by danny.w....@gmail.com on 31 May 2012 at 7:16

GoogleCodeExporter commented 9 years ago
The issue I reported was actually related to GP access control enforcer.   Here 
are the steps that I know of to open a logical channel with GP AC:

1. User app opens a logical channel with AID 0x1111
2. GP AC enforcer actually open a logical channel to GP AC applet on SE, but 
fails because no channel is available.
3. Based on the default rule on GP AC, it will throw a Security Denied 
exception to user app instead of a null to user app.

Original comment by danny.w....@gmail.com on 31 May 2012 at 8:51

GoogleCodeExporter commented 9 years ago
I have actually working on this same problem with multiple OEM.  Some OEM 
suggest according to 
http://seek-for-android.googlecode.com/svn/trunk/doc/org/simalliance/openmobilea
pi/Session.html#openLogicalChannel(byte[])

Returns:an instance of Channel. Null if the Secure Element is unable to provide 
a new logical channel.

So i believe that when you run out of channel, the Channel Object returned by 
openLogicalChannel should be null. (at least without any access control).

Now, with GPAC or Global Platform access control, this get a bit tricky.
as the access control enforecer required that if rule is not found or Access 
control Applet is not found, SecurityException should be thrown.  So some OEM 
argue that since we run out of channel to even communicate with Access Control 
applet, SecurityException is the right behavior.  But my argument is that when 
you run out of channel, it should be the same behavior with or without Access 
Control enforcer as that is transparent to API user, so Null Channel object 
should be returned in this case.

Hope that you guys agree with my assessment.

With GPAC access control, I have worked out a solution that is inside DTAG and 
I would open bug and proposed solution there once I got more testing on it.

A slight issue I have found on OpenMobile API though.  
mSmartcardService.openLogicalChannel could potentially return a 0 as channel 
Handle, but Session.openLogicalChannel is not handling that.  It should be 
checked before creating a valid channel object, I will open a new error against 
that.

Original comment by tommypo...@gmail.com on 6 Jun 2012 at 3:06

GoogleCodeExporter commented 9 years ago
Dtag issue 5 is opened against Dtag that it does not handle out of channel 
situation specifically.  solution for that is still under test.

https://github.com/DTAG-PD14/AccessControl/issues/5

Original comment by tommypo...@gmail.com on 19 Jun 2012 at 4:28

GoogleCodeExporter commented 9 years ago
Ok, SCAPI will return null object when no channels are available instead of 
SecurityException to allow client apps to distinguish the problem

Original comment by Daniel.A...@gi-de.com on 19 Jun 2012 at 1:12

GoogleCodeExporter commented 9 years ago
done with 2.4.0

Original comment by Daniel.A...@gi-de.com on 5 Jul 2012 at 11:51

GoogleCodeExporter commented 9 years ago
setting old issues from fixed to done

Original comment by Daniel.A...@gi-de.com on 5 Jul 2013 at 2:33