Closed Bug 1165340 Opened 10 years ago Closed 9 years ago

[Secure Element] Perform ACE.isAccessAllowed check before dispatching HCI EVT TRANSACTION

Categories

(Firefox OS Graveyard :: NFC, defect)

Product:
Firefox OS Graveyard
Component:
NFC
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox41 fixed)

Status:
RESOLVED FIXED
Milestone:
2.2 S14 (12june)
Tracking Flags:
Tracking Status
firefox41 --- fixed

People

(Reporter: tauzen, Assigned: tauzen)

References

Details

Attachments

(3 files, 4 obsolete files)

(1.1 nit fixes) Part 1: Using SEUtils and se_consts
3.84 KB, patch
tauzen
: review+
Details | Diff | Splinter Review
(1.1 nit fixes) Part 2: Consult ACE before dispatching HCI system message
3.44 KB, patch
tauzen
: review+
Details | Diff | Splinter Review
(1.1) Part 3: Update xpcshell tests
4.34 KB, patch
allstars.chh
: review+
Details | Diff | Splinter Review
Before dispatching system message containing HCI EVT_TRANSACTION data we need to consult ACE to check if web apps can actually receive it.
Blocks: b2g-secure-element
Depends on: 884594
Assignee: nobody → kmioduszewski
These are mostly 'nit' changes (but needed). I'm considering to combine this with Part 2 patch.
Attachment #8606315 - Flags: review?(allstars.chh)
Attachment #8606316 - Flags: review?(allstars.chh)
Attachment #8606317 - Flags: review?(allstars.chh)
Updated xpcshell tests are also required. Currently I'm having problems with running the test on latest version of emulator-jb.
Attachment #8606315 - Flags: review?(allstars.chh) → review+
Attachment #8606316 - Flags: review?(allstars.chh) → review+
Comment on attachment 8606317 [details] [diff] [review] Part 3: Use 'UICC' as SE type/origin across the stack Review of attachment 8606317 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/nfc/gonk/NfcService.cpp @@ +189,5 @@ > MOZ_ASSERT(static_cast<HCIEventOrigin>(mEvent.mOriginType) < HCIEventOrigin::EndGuard_); > > event.mOrigin.Construct(); > event.mOrigin.Value().AssignASCII(HCIEventOriginValues::strings[mEvent.mOriginType].value); > + // Open Mobile API specification V2.05, section 6.6.1, index 1 is optional Quota from specification: The slot number “1” for a reader is optional (SIM and SIM1 are both valid for the first SIM-reader, but if there are two readers then the second reader must be named SIM2) The specification is for API, not for the implementation. So the caller of this API should assume the first SE will be "SIM" or "SIM1", it does not say that the implementation should make the SIM1 to SIM. In our case, our RIL stack (Gecko part) supports multi-SIM (although Flame doesn't support 2 SIM-SEs), so using SIM1 makes our implementation easier. ::: dom/webidl/NfcOptions.webidl @@ +46,5 @@ > /** > * The source of HCI Transaction Event. > */ > enum HCIEventOrigin { > + "UICC", This seems should file another bug to discuss this as I remember some spec (even OpenMobile) are still using SIM.
Attachment #8606317 - Flags: review?(allstars.chh)
Comment on attachment 8606315 [details] [diff] [review] Bug 1165340 - Part 1: Using SEUtils and se_consts Review of attachment 8606315 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/nfc/messages/HCIEventTransactionSystemMessageConfigurator.js @@ +8,5 @@ > > Cu.import("resource://gre/modules/XPCOMUtils.jsm"); > Cu.import("resource://gre/modules/Promise.jsm"); > > +XPCOMUtils.defineLazyServiceGetter(this, "AppsService", Why do you change to upper-case? I check current codebase all uses 'appService'.
Comment on attachment 8606316 [details] [diff] [review] Part 2: Consult ACE before dispatching HCI system message Review of attachment 8606316 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/nfc/messages/HCIEventTransactionSystemMessageConfigurator.js @@ +15,5 @@ > > XPCOMUtils.defineLazyModuleGetter(this, "SEUtils", > "resource://gre/modules/SEUtils.jsm"); > > +XPCOMUtils.defineLazyServiceGetter(this, "ACEService", Ditto Also move KazyServiceGetter together.
Blocks: 1170220
Fix requested in comment 6.
Attachment #8606315 - Attachment is obsolete: true
Attachment #8613604 - Flags: review+
Attached patch Part 3: Update xpcshell tests (obsolete) — Splinter Review
xpcshell tests are working for me now on emulator-kk. Yoshi could you review this?
Attachment #8606316 - Attachment is obsolete: true
Attachment #8606317 - Attachment is obsolete: true
Attachment #8613607 - Flags: review?(allstars.chh)
Bug 1170220 was raised to discuss the naming of origin/se as it was suggested in comment 5.
Comment on attachment 8613607 [details] [diff] [review] Part 3: Update xpcshell tests Review of attachment 8613607 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/nfc/tests/unit/test_HCIEventTransactionSystemMessageConfigurator.js @@ +43,5 @@ > +let aceAccessAllowed = true; > + > +function setMockServices(manifest) { > + XPCOMUtils.defineLazyServiceGetter = (obj, service) => { > + if(service === "appsService") { if (...) @@ +56,5 @@ > + }, > + }; > + } > + > + if(service === "aceService") { else if () @@ +129,5 @@ > + aceAccessAllowed = true; > + > + HCIEvtTransactionConfigurator > + .shouldDispatch(MANIFEST_URL, PAGE_URL, TYPE, TEST_MESSAGES[1]) > + .then((result) => { Should merge these two tests and compare result with aceAccessAllowed directly. These two functions are doing the same thing
Attachment #8613607 - Flags: review?(allstars.chh)
Fixed issues raised in comment 12.
Attachment #8613607 - Attachment is obsolete: true
Attachment #8614636 - Flags: review?(allstars.chh)
Attachment #8614636 - Flags: review?(allstars.chh) → review+
Try build all green.
Keywords: checkin-needed
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: