android - Secure element Access Control on ICS 4.0.4

Question

I updated my Android phone to 4.0.4 and i noticed that a new file nfcee access.xml appeared in the system folder. The idea of the file as far as i understood is the keep a list of signatures, and allow access to the SE and related intends only to the packages that are signed with one of this signatures. So far in this list is of course the signature of the Google Wallet.

Does anybody know how would be the process in future to enter this list? Do you need to ask for permission directly Google?

Answer 1

If you root your phone, you can modify the file. The file contains the list of signatures and package names that are allowed access to the Secure Element (SE). The signatures is a hex-encoded X.509 certificate. To create one, simply include the tag <debug /> in the file and it will print to logcat the hex-encoded signature of applications that are denied SE access, for easy cut-and-paste into this file.

To create an app that can access the SE, you need to add this permission to the manifest:

<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />

To actually access the SE, you need to access a hidden API by importing com.android.nfc_extras:

import com.android.nfc_extras.NfcAdapterExtras;
import com.android.nfc_extras.NfcAdapterExtras.CardEmulationRoute;
import com.android.nfc_extras.NfcExecutionEnvironment;

The easiest way to make this possible is to compile your app in the Android source code tree by placing it in packages/apps and building it from there. You need to add the following line to the Android.mk makefile to get access to the SE API:

LOCAL_JAVA_LIBRARIES := com.android.nfc_extras

The functions in com.android.nfc_extras allow enabling and disabling the SE, sending commands to it and receiving responses from it (comparable to IsoDep.transceive()).