Merge branch 'security-aosp-qt-release' into int/10/fp2
* security-aosp-qt-release:
OOB read in phNciNfc_RecvMfResp()
Change-Id: I1ff4661898e7c4b20310b8b08192b43da4d28497
diff --git a/nci/jni/NativeNfcManager.cpp b/nci/jni/NativeNfcManager.cpp
index 2b68ada..65f006f 100644
--- a/nci/jni/NativeNfcManager.cpp
+++ b/nci/jni/NativeNfcManager.cpp
@@ -83,7 +83,6 @@
SyncEvent gDeactivatedEvent;
SyncEvent sNfaSetPowerSubState;
bool legacy_mfc_reader = true;
-bool gNfccConfigControlStatus = false;
namespace android {
jmethodID gCachedNfcManagerNotifyNdefMessageListeners;
@@ -1170,7 +1169,6 @@
uint8_t nfa_set_config[] = {0x00};
nfa_set_config[0] = (flag == true ? 1 : 0);
- gNfccConfigControlStatus = flag;
tNFA_STATUS status =
NFA_SetConfig(NCI_PARAM_ID_NFCC_CONFIG_CONTROL, sizeof(nfa_set_config),
@@ -1260,9 +1258,7 @@
// configure NFCC_CONFIG_CONTROL- NFCC allowed to manage RF
// configuration.
- if (gNfccConfigControlStatus == false) {
- nfcManager_configNfccConfigControl(true);
- }
+ nfcManager_configNfccConfigControl(true);
NFA_SetRfDiscoveryDuration(nat->discovery_duration);
}
@@ -2141,9 +2137,8 @@
}
// configure NFCC_CONFIG_CONTROL- NFCC allowed to manage RF configuration.
- if (gNfccConfigControlStatus == false) {
- nfcManager_configNfccConfigControl(true);
- }
+ nfcManager_configNfccConfigControl(true);
+
}
/*******************************************************************************
diff --git a/nci/jni/NativeNfcTag.cpp b/nci/jni/NativeNfcTag.cpp
index 9cfad52..cd9f232 100644
--- a/nci/jni/NativeNfcTag.cpp
+++ b/nci/jni/NativeNfcTag.cpp
@@ -105,6 +105,8 @@
static sem_t sMakeReadonlySem;
static IntervalTimer sSwitchBackTimer; // timer used to tell us to switch back
// to ISO_DEP frame interface
+uint8_t RW_TAG_SLP_REQ[] = {0x50, 0x00};
+uint8_t RW_DESELECT_REQ[] = {0xC2};
static jboolean sWriteOk = JNI_FALSE;
static jboolean sWriteWaitingForComplete = JNI_FALSE;
static bool sFormatOk = false;
@@ -597,7 +599,7 @@
NfcTag& natTag = NfcTag::getInstance();
- tNFA_STATUS status;
+ tNFA_STATUS status = NFA_STATUS_OK;
int rVal = 1;
do {
@@ -608,6 +610,23 @@
rVal = STATUS_CODE_TARGET_LOST;
break;
}
+ if ((sCurrentRfInterface == NFA_INTERFACE_FRAME) &&
+ (NFC_GetNCIVersion() >= NCI_VERSION_2_0)) {
+ {
+ SyncEventGuard g3(sReconnectEvent);
+ if (sCurrentConnectedTargetProtocol == NFA_PROTOCOL_T2T) {
+ status = NFA_SendRawFrame(RW_TAG_SLP_REQ, sizeof(RW_TAG_SLP_REQ), 0);
+ } else if (sCurrentConnectedTargetProtocol == NFA_PROTOCOL_ISO_DEP) {
+ status =
+ NFA_SendRawFrame(RW_DESELECT_REQ, sizeof(RW_DESELECT_REQ), 0);
+ }
+ sReconnectEvent.wait(4);
+ if (status != NFA_STATUS_OK) {
+ LOG(ERROR) << StringPrintf("%s: send error=%d", __func__, status);
+ break;
+ }
+ }
+ }
{
SyncEventGuard g(sReconnectEvent);
diff --git a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp
index 6eac138..a54f2c8 100644
--- a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp
+++ b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp
@@ -1180,7 +1180,11 @@
}
gAuthCmdBuf.auth_status = true;
status = NFCSTATUS_SUCCESS;
-
+ if ((PHNCINFC_EXTNID_SIZE + PHNCINFC_EXTNSTATUS_SIZE) >
+ RspBuffInfo->wLen) {
+ android_errorWriteLog(0x534e4554, "126204073");
+ return NFCSTATUS_FAILED;
+ }
/* DataLen = TotalRecvdLen - (sizeof(RspId) + sizeof(Status)) */
wPldDataSize = ((RspBuffInfo->wLen) -
(PHNCINFC_EXTNID_SIZE + PHNCINFC_EXTNSTATUS_SIZE));
diff --git a/res/values-ca/strings.xml b/res/values-ca/strings.xml
index 549a441..352b695 100644
--- a/res/values-ca/strings.xml
+++ b/res/values-ca/strings.xml
@@ -31,7 +31,7 @@
<string name="tap_again_to_complete" msgid="5423640945118279123">"Torna a tocar per completar-ho amb <xliff:g id="APP">%1$s</xliff:g>"</string>
<string name="transaction_failure" msgid="7828102078637936513">"No s\'ha pogut completar aquesta transacció amb <xliff:g id="APP">%1$s</xliff:g>."</string>
<string name="could_not_use_app" msgid="8137587876138569083">"No s\'ha pogut utilitzar <xliff:g id="APP">%1$s</xliff:g>."</string>
- <string name="pay_with" msgid="5531545488795798945">"Pagament amb"</string>
+ <string name="pay_with" msgid="5531545488795798945">"Paga amb"</string>
<string name="complete_with" msgid="6797459104103012992">"Completa amb"</string>
<string name="default_pay_app_removed" msgid="4108250545457437360">"S\'ha suprimit el teu servei preferit per pagar i tocar. En vols triar un altre?"</string>
<string name="ask_nfc_tap" msgid="2925239870458286340">"Toca un altre dispositiu pe completar el procés."</string>
diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml
index 8dc769c..7367496 100644
--- a/res/values-de/strings.xml
+++ b/res/values-de/strings.xml
@@ -33,7 +33,7 @@
<string name="could_not_use_app" msgid="8137587876138569083">"Fehler bei der Verwendung von <xliff:g id="APP">%1$s</xliff:g>"</string>
<string name="pay_with" msgid="5531545488795798945">"Zahlen mit"</string>
<string name="complete_with" msgid="6797459104103012992">"Durchführen mit"</string>
- <string name="default_pay_app_removed" msgid="4108250545457437360">"Der von dir bevorzugte Dienst für das mobile Bezahlen wurde entfernt. Möchtest du einen anderen auswählen?"</string>
+ <string name="default_pay_app_removed" msgid="4108250545457437360">"Der von dir bevorzugte Dienst für das kontaktlose Bezahlen wurde entfernt. Möchtest du einen anderen auswählen?"</string>
<string name="ask_nfc_tap" msgid="2925239870458286340">"Zum Abschluss auf ein anderes Gerät tippen"</string>
<string name="wifi_connect" msgid="6250727951843550671">"Verbinden"</string>
<string name="status_unable_to_connect" msgid="9183908200295307657">"Verbindung zum Netzwerk konnte nicht hergestellt werden."</string>
diff --git a/res/values-es/strings.xml b/res/values-es/strings.xml
index f563e5d..8df1a41 100644
--- a/res/values-es/strings.xml
+++ b/res/values-es/strings.xml
@@ -3,7 +3,7 @@
xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
<string name="app_name" msgid="78565911793142902">"Servicio NFC"</string>
<string name="nfcUserLabel" msgid="7708535817084357357">"NFC"</string>
- <string name="accessibility_nfc_enabled" msgid="7796246979948787735">"NFC habilitada"</string>
+ <string name="accessibility_nfc_enabled" msgid="7796246979948787735">"NFC habilitado"</string>
<string name="tap_to_beam" msgid="5819197866281059878">"Toca para compartir"</string>
<string name="beam_progress" msgid="7453634884807323920">"Transferencia entrante..."</string>
<string name="beam_outgoing" msgid="4679536649779123495">"Compartiendo..."</string>
@@ -40,7 +40,7 @@
<string name="status_wifi_connected" msgid="5893022897732105739">"Conectado"</string>
<string name="title_connect_to_network" msgid="2474034615817280146">"Conectar a la red"</string>
<string name="prompt_connect_to_network" msgid="8511683573657516114">"¿Quieres conectarte a la red <xliff:g id="NETWORK_SSID">%1$s</xliff:g>?"</string>
- <string name="beam_requires_nfc_enabled" msgid="2800366967218600534">"Para usar Android Beam, NFC debe estar habilitado. ¿Quieres habilitarlo?"</string>
+ <string name="beam_requires_nfc_enabled" msgid="2800366967218600534">"Para usar Android Beam, el NFC debe estar habilitado. ¿Quieres habilitarlo?"</string>
<string name="android_beam" msgid="1666446406999492763">"Android Beam"</string>
<string name="beam_requires_external_storage_permission" msgid="8798337545702206901">"La aplicación no tiene permiso de almacenamiento externo, necesario para compartir este archivo"</string>
<string name="title_confirm_url_open" msgid="8069968913244794478">"¿Quieres abrir el enlace?"</string>
diff --git a/res/values-ky/strings.xml b/res/values-ky/strings.xml
index c56a965..70c4e1c 100644
--- a/res/values-ky/strings.xml
+++ b/res/values-ky/strings.xml
@@ -14,7 +14,7 @@
<string name="beam_tap_to_view" msgid="7430394753262448349">"Көрүү үчүн таптаңыз"</string>
<string name="beam_handover_not_supported" msgid="4083165921751489015">"Алуучунун түзмөгү beam аркылуу чоң файлдарды кабылдабайт."</string>
<string name="beam_try_again" msgid="3364677301009783455">"Түзмөктөрдү кайрадан бириктириңиз"</string>
- <string name="beam_busy" msgid="5253335587620612576">"Учурда өткөрүү бош эмес. Мурунку өткөрүү аяктаганда кайра аракет кылыңыз."</string>
+ <string name="beam_busy" msgid="5253335587620612576">"Учурда өткөрүү бош эмес. Мурунку өткөрүү аяктаганда кайталап көрүңүз."</string>
<string name="device" msgid="4459621591392478151">"түзмөк"</string>
<string name="connecting_peripheral" msgid="1296182660525660935">"<xliff:g id="DEVICE_NAME">%1$s</xliff:g> туташтырылууда"</string>
<string name="connected_peripheral" msgid="20748648543160091">"<xliff:g id="DEVICE_NAME">%1$s</xliff:g> туташтырылды"</string>
@@ -42,11 +42,11 @@
<string name="prompt_connect_to_network" msgid="8511683573657516114">"<xliff:g id="NETWORK_SSID">%1$s</xliff:g> тармагына туташасызбы?"</string>
<string name="beam_requires_nfc_enabled" msgid="2800366967218600534">"Android Beam NFC иштетилишин талап кылат. Аны иштетесизби?"</string>
<string name="android_beam" msgid="1666446406999492763">"Android Beam"</string>
- <string name="beam_requires_external_storage_permission" msgid="8798337545702206901">"Колдонмонун сырткы сактагычты пайдаланууга уруксаты жок. Бул файлды өткөрүү үчүн мындай уруксат берилиши керек"</string>
+ <string name="beam_requires_external_storage_permission" msgid="8798337545702206901">"Колдонмонун тышкы сактагычты пайдаланууга уруксаты жок. Бул файлды өткөрүү үчүн мындай уруксат берилиши керек"</string>
<string name="title_confirm_url_open" msgid="8069968913244794478">"Шилтеме ачылсынбы?"</string>
<string name="summary_confirm_url_open" product="tablet" msgid="3353502750736192055">"Планшетиңизге NFC аркылуу шилтеме келди:"</string>
<string name="summary_confirm_url_open" product="default" msgid="1246398412196449226">"Телефонуңузга NFC аркылуу шилтеме келди:"</string>
<string name="action_confirm_url_open" msgid="3458322738812921189">"Шилтемени ачуу"</string>
- <string name="tag_read_error" msgid="2485274498885877547">"NFC\'ни окууда ката кетти. Кайра аракет кылыңыз."</string>
+ <string name="tag_read_error" msgid="2485274498885877547">"NFC\'ни окууда ката кетти. Кайталап көрүңүз."</string>
<string name="tag_dispatch_failed" msgid="3562984995049738400">"Бул NFC энбелгиси үчүн колдоого алынган колдонмо жок"</string>
</resources>
diff --git a/res/values-mr/strings.xml b/res/values-mr/strings.xml
index 948aacc..66c6709 100644
--- a/res/values-mr/strings.xml
+++ b/res/values-mr/strings.xml
@@ -42,11 +42,11 @@
<string name="prompt_connect_to_network" msgid="8511683573657516114">"<xliff:g id="NETWORK_SSID">%1$s</xliff:g> नेटवर्कशी कनेक्ट करायचे?"</string>
<string name="beam_requires_nfc_enabled" msgid="2800366967218600534">"Android Beam ला सक्षम करण्यासाठी NFC आवश्यक आहे. तुम्ही हे सक्षम करू इच्छिता?"</string>
<string name="android_beam" msgid="1666446406999492763">"Android बीम"</string>
- <string name="beam_requires_external_storage_permission" msgid="8798337545702206901">"अॅप्लिकेशनला बाह्य स्टोरेज परवानगी नाही. ही फाइल बीम करण्यासाठी हे आवश्यक आहे"</string>
+ <string name="beam_requires_external_storage_permission" msgid="8798337545702206901">"ॲप्लिकेशनला बाह्य स्टोरेज परवानगी नाही. ही फाइल बीम करण्यासाठी हे आवश्यक आहे"</string>
<string name="title_confirm_url_open" msgid="8069968913244794478">"लिंक उघडायची का?"</string>
<string name="summary_confirm_url_open" product="tablet" msgid="3353502750736192055">"तुमच्या टॅबलेटला NFC वरून एक लिंक मिळाली आहे:"</string>
<string name="summary_confirm_url_open" product="default" msgid="1246398412196449226">"तुमच्या फोनला NFC वरून एक लिंक मिळाली आहे:"</string>
<string name="action_confirm_url_open" msgid="3458322738812921189">"लिंक उघडा"</string>
<string name="tag_read_error" msgid="2485274498885877547">"NFC वाचण्यात एरर आली. पुन्हा प्रयत्न करा."</string>
- <string name="tag_dispatch_failed" msgid="3562984995049738400">"या NFC टॅग साठी कोणतेही सपोर्ट करणारे अॅप्लिकेशन नाही"</string>
+ <string name="tag_dispatch_failed" msgid="3562984995049738400">"या NFC टॅग साठी कोणतेही सपोर्ट करणारे ॲप्लिकेशन नाही"</string>
</resources>
diff --git a/res/values-pt/strings.xml b/res/values-pt/strings.xml
index 3317c99..ea30720 100644
--- a/res/values-pt/strings.xml
+++ b/res/values-pt/strings.xml
@@ -4,7 +4,7 @@
<string name="app_name" msgid="78565911793142902">"Serviço Nfc"</string>
<string name="nfcUserLabel" msgid="7708535817084357357">"Nfc"</string>
<string name="accessibility_nfc_enabled" msgid="7796246979948787735">"NFC habilitado."</string>
- <string name="tap_to_beam" msgid="5819197866281059878">"Tocar para enviar"</string>
+ <string name="tap_to_beam" msgid="5819197866281059878">"Toque para enviar"</string>
<string name="beam_progress" msgid="7453634884807323920">"Beam chegando..."</string>
<string name="beam_outgoing" msgid="4679536649779123495">"Enviando..."</string>
<string name="beam_complete" msgid="477026736424637435">"Envio concluído"</string>
@@ -24,7 +24,7 @@
<string name="pairing_peripheral" msgid="6983626861540899365">"Pareando <xliff:g id="DEVICE_NAME">%1$s</xliff:g>"</string>
<string name="pairing_peripheral_failed" msgid="6087643307743264679">"Não foi possível parear o <xliff:g id="DEVICE_NAME">%1$s</xliff:g>"</string>
<string name="failed_to_enable_bt" msgid="7229153323594758077">"Não foi possível ativar o Bluetooth"</string>
- <string name="confirm_pairing" msgid="4112568077038265363">"Tem certeza que quer parear o dispositivo Bluetooth <xliff:g id="DEVICE_NAME">%1$s</xliff:g>?"</string>
+ <string name="confirm_pairing" msgid="4112568077038265363">"Você quer mesmo parear o dispositivo Bluetooth <xliff:g id="DEVICE_NAME">%1$s</xliff:g>?"</string>
<string name="pair_yes" msgid="3525614878559994448">"Sim"</string>
<string name="pair_no" msgid="5022308368904055020">"Não"</string>
<string name="tap_again_to_pay" msgid="5754988005412859897">"Toque novamente para pagar com o <xliff:g id="APP">%1$s</xliff:g>"</string>
diff --git a/res/values/config.xml b/res/values/config.xml
index f5585dd..c5354c2 100644
--- a/res/values/config.xml
+++ b/res/values/config.xml
@@ -3,6 +3,7 @@
<string name="bluetooth_package" translatable="false">com.android.bluetooth</string>
<bool name="enable_nfc_url_open_dialog">false</bool>
<bool name="enable_auto_play">true</bool>
+ <bool name="enable_notify_dispatch_failed">false</bool>
<!-- List of SKUs where Secure NFC functionality is supported -->
<string-array name="config_skuSupportsSecureNfc" translatable="false" />
diff --git a/src/com/android/nfc/NfcService.java b/src/com/android/nfc/NfcService.java
index ca47417..48c3594 100644
--- a/src/com/android/nfc/NfcService.java
+++ b/src/com/android/nfc/NfcService.java
@@ -298,6 +298,7 @@
private ForegroundUtils mForegroundUtils;
private static NfcService sService;
+ private static Toast mToast;
public static boolean sIsDtaMode = false;
private IVrManager vrManager;
@@ -1576,9 +1577,14 @@
tag.removeTechnology(TagTechnology.NDEF_FORMATABLE);
tag.findAndReadNdef();
// Build a new Tag object to return
- Tag newTag = new Tag(tag.getUid(), tag.getTechList(),
- tag.getTechExtras(), tag.getHandle(), this);
- return newTag;
+ try {
+ Tag newTag = new Tag(tag.getUid(), tag.getTechList(),
+ tag.getTechExtras(), tag.getHandle(), this);
+ return newTag;
+ } catch (Exception e) {
+ Log.e(TAG, "Tag creation exception.", e);
+ return null;
+ }
}
return null;
}
@@ -2186,8 +2192,12 @@
if (!tag.reconnect()) {
tag.disconnect();
if (mScreenState == ScreenStateHelper.SCREEN_STATE_ON_UNLOCKED) {
- Toast.makeText(mContext,
- R.string.tag_read_error, Toast.LENGTH_SHORT).show();
+ if (mToast != null) {
+ if (mToast.getView().isShown()) mToast.cancel();
+ }
+ mToast = Toast.makeText(mContext, R.string.tag_read_error,
+ Toast.LENGTH_SHORT);
+ mToast.show();
}
break;
}
@@ -2524,41 +2534,51 @@
}
private void dispatchTagEndpoint(TagEndpoint tagEndpoint, ReaderModeParams readerParams) {
- Tag tag = new Tag(tagEndpoint.getUid(), tagEndpoint.getTechList(),
- tagEndpoint.getTechExtras(), tagEndpoint.getHandle(), mNfcTagService);
- registerTagObject(tagEndpoint);
- if (readerParams != null) {
- try {
- if ((readerParams.flags & NfcAdapter.FLAG_READER_NO_PLATFORM_SOUNDS) == 0) {
- mVibrator.vibrate(mVibrationEffect);
- playSound(SOUND_END);
- }
- if (readerParams.callback != null) {
- readerParams.callback.onTagDiscovered(tag);
+ try {
+ Tag tag = new Tag(tagEndpoint.getUid(), tagEndpoint.getTechList(),
+ tagEndpoint.getTechExtras(), tagEndpoint.getHandle(), mNfcTagService);
+ registerTagObject(tagEndpoint);
+ if (readerParams != null) {
+ try {
+ if ((readerParams.flags & NfcAdapter.FLAG_READER_NO_PLATFORM_SOUNDS) == 0) {
+ mVibrator.vibrate(mVibrationEffect);
+ playSound(SOUND_END);
+ }
+ if (readerParams.callback != null) {
+ readerParams.callback.onTagDiscovered(tag);
+ return;
+ } else {
+ // Follow normal dispatch below
+ }
+ } catch (RemoteException e) {
+ Log.e(TAG, "Reader mode remote has died, falling back.", e);
+ // Intentional fall-through
+ } catch (Exception e) {
+ // Catch any other exception
+ Log.e(TAG, "App exception, not dispatching.", e);
return;
- } else {
- // Follow normal dispatch below
}
- } catch (RemoteException e) {
- Log.e(TAG, "Reader mode remote has died, falling back.", e);
- // Intentional fall-through
- } catch (Exception e) {
- // Catch any other exception
- Log.e(TAG, "App exception, not dispatching.", e);
- return;
}
- }
- int dispatchResult = mNfcDispatcher.dispatchTag(tag);
- if (dispatchResult == NfcDispatcher.DISPATCH_FAIL && !mInProvisionMode) {
- unregisterObject(tagEndpoint.getHandle());
- if (mScreenState == ScreenStateHelper.SCREEN_STATE_ON_UNLOCKED) {
- Toast.makeText(mContext,
- R.string.tag_dispatch_failed, Toast.LENGTH_SHORT).show();
+ int dispatchResult = mNfcDispatcher.dispatchTag(tag);
+ if (dispatchResult == NfcDispatcher.DISPATCH_FAIL && !mInProvisionMode) {
+ unregisterObject(tagEndpoint.getHandle());
+ if (mScreenState == ScreenStateHelper.SCREEN_STATE_ON_UNLOCKED &&
+ mContext.getResources().getBoolean(R.bool.enable_notify_dispatch_failed)) {
+ if (mToast != null) {
+ if (mToast.getView().isShown()) mToast.cancel();
+ }
+ mToast = Toast.makeText(mContext, R.string.tag_dispatch_failed,
+ Toast.LENGTH_SHORT);
+ mToast.show();
+ }
+ playSound(SOUND_ERROR);
+ } else if (dispatchResult == NfcDispatcher.DISPATCH_SUCCESS) {
+ mVibrator.vibrate(mVibrationEffect);
+ playSound(SOUND_END);
}
- playSound(SOUND_ERROR);
- } else if (dispatchResult == NfcDispatcher.DISPATCH_SUCCESS) {
- mVibrator.vibrate(mVibrationEffect);
- playSound(SOUND_END);
+ } catch (Exception e) {
+ Log.e(TAG, "Tag creation exception, not dispatching.", e);
+ return;
}
}
}