在ICS 4.0.4安全元件访问控制 [英] Secure element Access Control on ICS 4.0.4
问题描述
我更新了我的Android手机4.0.4,我注意到一个新文件的 nfcee access.xml 的出现在系统文件夹中。该文件的据我理解的思想是保持签名的列表,并允许访问的SE和相关打算只给了与这个签名中的一个签名的包。到目前为止,在这个列表中当然是谷歌钱包的签名。
I updated my Android phone to 4.0.4 and i noticed that a new file nfcee access.xml appeared in the system folder. The idea of the file as far as i understood is the keep a list of signatures, and allow access to the SE and related intends only to the packages that are signed with one of this signatures. So far in this list is of course the signature of the Google Wallet.
是否有人知道如何将这个过程在未来进入这个名单?您是否需要申请许可谷歌直接?
Does anybody know how would be the process in future to enter this list? Do you need to ask for permission directly Google?
推荐答案
如果你铲除你的手机,你可以修改文件。该文件包含签名和包名被允许进入安全元件(SE)的列表。该签名是一个十六进制恩codeD X.509证书。要创建一个,只需包括标记<调试/> 中的文件,它会打印的logcat六角恩codeD的应用程序签名被拒绝SE接入,便于剪切和粘贴到这个文件。
If you root your phone, you can modify the file. The file contains the list of signatures and package names that are allowed access to the Secure Element (SE). The signatures is a hex-encoded X.509 certificate. To create one, simply include the tag <debug /> in the file and it will print to logcat the hex-encoded signature of applications that are denied SE access, for easy cut-and-paste into this file.
要创建一个可以访问SE的应用程序,你需要这个权限添加到清单:
To create an app that can access the SE, you need to add this permission to the manifest:
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
要真正进入SE,则需要通过导入 com.android.nfc_extras 来访问隐藏API:
To actually access the SE, you need to access a hidden API by importing com.android.nfc_extras:
import com.android.nfc_extras.NfcAdapterExtras;
import com.android.nfc_extras.NfcAdapterExtras.CardEmulationRoute;
import com.android.nfc_extras.NfcExecutionEnvironment;
要实现这一点,最简单的方法是将其放置在封装/应用,并从那里建造它来编译在Android源$ C $ C树中的应用程序。您需要将下面一行添加到 Android.mk 生成文件以获得访问SE API:
The easiest way to make this possible is to compile your app in the Android source code tree by placing it in packages/apps and building it from there. You need to add the following line to the Android.mk makefile to get access to the SE API:
LOCAL_JAVA_LIBRARIES := com.android.nfc_extras
在 com.android.nfc_extras 的功能允许启用和禁用SE,发送指令给它,并从中接收响应(相当于 IsoDep .transceive())。
The functions in com.android.nfc_extras allow enabling and disabling the SE, sending commands to it and receiving responses from it (comparable to IsoDep.transceive()).
这篇关于在ICS 4.0.4安全元件访问控制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
