samonsun / seek-for-android Goto Github PK

What's the problem?
The exception description of SEService.openLogicalChannel() is confusing.

If the AID is not available on SE, should IOException or NoSuchElementException 
be thrown?   To my understanding, a NoSuchElementException exception should be 
thrown, but at the end of the description of IOException, the "(e.g. if the AID 
is not available)" confused me.

http://groups.google.com/group/seek-for-android/browse_thread/thread/ed241f5f5f4
61341

Possible solution in Channel.java:
1. either change 0x9C to 0xBC in setChannelToClassByte()
Does this has any impact on other CLA bytes?

2. modify tansmit() to:
...
// set channel number bits
command[0] = command[0] | mChannelNumber;

byte[] rsp = getTerminal().transmit(command, 2, 0, 0, null);
return rsp;
...
And remove setChannelToClassByte() completely

Please support BIP Extensions on ICS 4.0.3.

Thanks,
Danny

Here is the sample code to re-produce the error:

SEService se = new SEService(this, this);

.......

if (!se.isConnected())
{
    m_errorDesc = "SEService should be connected.";
    return m_errorDesc;
}

try
{
    se.shutdown();
}
catch(Exception e)
{
}

if (se.isConnected())    // ERROR here !
{
    m_errorDesc = "SEService should not be connected.";
    return m_errorDesc;
}

The se.isConnected() returns true after SEService was shut down.

Thanks,
Danny

What's the problem?
as I know, that seek is not coming yet with GP SE AC + PKCS15 file system rules 
parsing however this seek.
it's necessary to have both implementations supported by the device, knowing 
that PKCS15 file systems rules will be only checked in case the secure element 
is UICC and there is no ARA-M application present. 

Because, some user updated binary including Global Plaform Access Control and 
then the users don't want to change thier SIM.
So,, it's better SEEK supports PKCS#15 applet file system.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?
smartcard-api-2.4.0, ICS or JB

Please provide any additional information below.

Guys,

The new version don't allow me to perform a SELECT command.

But, in the EMV wolrd, SELECT command returns important information and I need 
them on my application.

I wont migrate to this new version due to this limitation. Can you handle this 
by at least providing the SELECT answer in the basicChannel?

Thanks.

What's the problem?
I need this implemented in a Tablet - a samsung galaxy tab 2 gt-P3100
Can it be done? The google code website has builds specific to only the Nexus 
Family & Moto Xoom. 
Can a ROM be built for a Samsung Galaxy Tab 2? from Source?
What mode should I select in lunch??

What steps will reproduce the problem?
1. IF this is compatible with the tab
2. What lunch command I should use
3. If building for (say maguro) can be installed on my device


What is the expected output? What do you see instead?
I get a ROM specific for the device I specify in Lunch.
I need one for my tablet not for those devices

What version of the product are you using? On what operating system?
Galaxy Tab 2 7.0 GT-P3100
Ubuntu 10.04

Please provide any additional information below.

What steps will reproduce the problem?
Build SmartCard API and flash the system according to the Wiki page. On the 
device, /system/etc/permissions/org.simalliance.openmobileapi.xml is not 
included 

I followed the basic steps in the wiki for creating an Addon Terminal and 
tested it by running the OpenMobileApiSample application.  It correctly found 
the new terminal but an exception was thrown calling 
session.openBasicChannel(null).  

It appears that the service is trying to enableAccessConditions which results 
in a comparison to a literal value of 0x9000 (SELECT AID) in 
AccessControlApplet.  


What steps will reproduce the problem?
1. Build the SamplePluginTerminal (DummyTerminal) and install on device 
2. Install and run OpenMobileApiSample

What is the expected output? 
Expected to see the hard-code dummy response from the sample terminal.

What do you see instead? 
The following output appeared in the sample terminal:

OpenBasicChannel
Exception: java.lang.SecurityException: java.security.AccessControlException: 
AID not found


What version of the product are you using? On what operating system?
Seek version: 2.3.2
Android version: Gingerbread 2.3.2 (custom build for custom device)

What's the problem?

The Global Platform Access Control specification is not completely implemented 
as called for on page 17, where the specifications states: If the ARA-M is not 
present, the Access Control enforcer shall retrieve the access rules from the 
Access Rule Files (ARF), as illustrated in Figure 2-4.


What steps will reproduce the problem?
1. Configure UICC with access control rules in ARF, but no ARA-M is present
2.
3.

What is the expected output? What do you see instead?

The rules in the ARF should be followed; however, with the current 
implementation all access will be denied.

What version of the product are you using? On what operating system?
N/A

Please provide any additional information below.

What's the problem?

Installed SE applications are not selected except SE Application - Card 
Manager, SIM, WIM, and GSM.
when I tried to select the SE application, 'NoSuchElementException' displays on 
logcat.

Sample AID of SE Application is A0000000031010.

What steps will reproduce the problem?
1. Install SE Application ( AID : A0000000031010 ).
2. Select SE Application ( AID : A0000000031010 )
   using Session.openLogicalChannel Method.


What is the expected output? What do you see instead?
1. expected output : return Channel. 
2. But my output : NoSuchElementException occurred.

What version of the product are you using? On what operating system?
Android 4.0.4, Galaxy S3 SGH-I747, AT&T

Please provide any additional information below.
It's working well on the other phone.
( Android 4.1.1, Galaxy S3 GT-I9300, 
  Android 4.1.1, Galaxy S3 SGH-I747 )

according to API Spec @ 
http://seek-for-android.googlecode.com/svn/trunk/doc/org/simalliance/openmobilea
pi/Session.html#openLogicalChannel(byte[]), when user call 
Session.openLogicalChannel against an non-existing AID or non-multiselectable 
AID, he/she should get NoSuchElementException according to following statement:

java.utils.NoSuchElementException - if an Applet with the defined AID does not 
exist in the SE or a logical channel is already open to a non-multiselectable 
applet

But they would not get it because in SEService.java openLogicalChannel, when 
checkIfAppletAvailable() is called, NoSuchElementException got casted into 
IOException, following is the solution:

    private void checkIfAppletAvailable(SmartcardError error) throws IOException {
        Exception exp = error.createException();
        if (exp != null) {
            if(exp instanceof NoSuchElementException) {
                //wrong behavior against API spec
                        // start of solution
                //throw new IOException("Applet with the defined aid does not exist in the SE");
                throw new NoSuchElementException("Applet with the defined aid does not exist in the SE");
                        // end of solution
            }
        }
    }

What steps will reproduce the problem?
1. Create an android app on Eclipse
2. Compiled with Smartcard 2.2.2 jar file
3. Run on an ICS device with Smartcard 2.3.2

What is the expected output? What do you see instead?
The APIs are backward compatible, and the app compiled with older jar file 
should be able to run on a device with Smartcard 2.3.2.

I'm suspecting the issue is caused by the change of the package name of 
android.smartcard.  

The problem was found on a real device.  I am not sure if the problem can be 
re-produced on an emulator.

Thanks,
Danny

What's the problem?

I can't apply patches to cyanogenmod 7.2 (which is gingerbread 2.3.7) in order 
to get eap-sim working.

I applied patches in this order:

smartcard-api.patch (2.3.0 version)
uicc.patch (2.3.0 version)
pcsc_system_service_v098.patch
eap-sim-aka_0.4.1.patch

The build (it builds properly) I get for my lg p970 has not working eap-sim. 
Did I miss something? Could someone help me? I know you are not part of 
cyanogenmod team, but my problem is to get eap-sim working on my phone and they 
can't (or don't want) to help me...

I want to help other users which have less knowledge than me with this, so if 
you could help me in order to get a working ROM, it would be very kind from you.

What's the problem?
i am unable to open basic/logical channel using following:

Channel channel = _session.openBasicChannel(aid);
Channel channel = _session.openLogicalChannel(aid);

For basic it channel it returns null, and for logical channel it returns 
java.lang.SecurityException: Connection refused !!!

What steps will reproduce the problem?
1.
I am working on Samsung SIII(4.0.4) supporting OpenMobileAPI with a proprietary 
applet on UIIC having AID "D2760000285100101001028901" 
2.
Applet reply "019000" to command "00CA000000".

What is the expected output? What do you see instead?
Hoping i can SELECT applet and send command to it and get response back


What version of the product are you using? On what operating system?
Samsung SIII(4.0.4)

Please provide any additional information below.
However this gives me correct ATR: byte[] atr = _session.getATR(); of SIM card.

According to 
http://seek-for-android.googlecode.com/svn/trunk/doc/org/simalliance/openmobilea
pi/Reader.html#openSession()

public Session openSession()
                    throws IOException

suppose to throw IOException if something went wrong with the communicating to 
the Secure Element or the reader.

However, when tested with UICC Reader, without a UICC (SIM) inserted, hence, no 
SE present, this API does not throw IOException as expected.

following is a tested propose solution to this issue.

public Session openSession() throws IOException {
        // should check whether SE presents before proceed to OpenSession
        // according to API doc, IOException should be raised if communication to SE went wrong
        // start of solution
        if (!mService.isSecureElementPresent(this))
            throw new IOException("Secure Element is not presented.");
        // end of solution

        synchronized (mSessions) {
            Session session = new Session(getName(), this);
            mSessions.add(session);
            return session;
        }
    }

Purpose of this feature: Since a new api (getSelectResponse()) added to 
OpenMobile, applications need a way to identify what version of the OpenMobile 
library is used.


How should the feature be integrated: To add a method such like 
SEService.version(), maybe?


Thanks,
Danny

For UICC SE, the name of Reader used to be "UICC" prior to v2.3.   Since 
v2.3.3, the SE name was changed to "SIM: UICC" which would not be backward 
compatible. 

Line #44 of the UiccTerminal.java in the 
.../smartcard-api/src/org/simalliance/openmobileapi/service/terminals folder.

SmartcardService.openLogicalChannel return a long value which is a handle 
(address to the object?), which should indicate the channel is NOT opened 
successfully.

However, in SEService.java, such condition is not being handled properly, below 
is a proposed solution on that.

    Channel openLogicalChannel(Session session, byte[] aid) throws IOException {
        if (session == null) {
            throw new NullPointerException("session must not be null");
        }
        if (session.getReader() == null) {
            throw new NullPointerException("reader must not be null");
        }

        if (mSmartcardService == null) {
            throw new IllegalStateException("service not connected to system");
        }
        if (session.isClosed()) {
            throw new IllegalStateException("session is closed");
        }

        SmartcardError error = new SmartcardError();
        long hChannel;
        try {
            hChannel = mSmartcardService.openLogicalChannel(session.getReader().getName(), aid,
                    mCallback, error);
        } catch (Exception e) {
            throw new IOException(e.getMessage());
        }
        if (channelCannotBeEstablished(error)) {
            return null;
        }
        checkIfAppletAvailable(error);
        checkForException(error);

        // need to check whether channel is actually valid
        // my understanding is that channel 0 means it does not succeed.
        // start of solution
        if (hChannel == 0)
            return null;
        // end of solution

        Channel logicalChannel = new Channel(session, hChannel, true);
        return logicalChannel;
    }

According to 
http://seek-for-android.googlecode.com/svn/trunk/doc/org/simalliance/openmobilea
pi/SEService.html#SEService(Context, 
org.simalliance.openmobileapi.SEService.CallBack)

public SEService(Context context,
                 SEService.CallBack listener)

listener - a SEService.CallBack object. Can be null.

However, when calling the function like this:

try
{
    seService = new SEService(m_activity, null);
} catch (Exception e)
{
}

while (!seService.isConnected())
{           
    try
    {
        Thread.sleep(100);
    } catch (Exception e)
    {
    }
}

java.lang.NullPointerException: listener must not be null is thrown.

expected behavior is that exception is not thrown and the following while loop 
should be terminated when after the SEService is connected. (normally when a 
callback occur).

What's the problem?

I'm using Seek-for-android in order to exchange APDU with UICC. 

Currently (Seek 2.3.2), Channel.getSelectResponse() returns NULL. According to 
the source code (UiccTerminal.java), the value of mSelectResponse is always 
"null". In other Terminal subclasses, this value is set.

For instance :

mSelectResponse = transmit(selectCommand, 2, 0x9000, 0xFFFF, "SELECT");

Question : Why does this different implementation exist ? Is it possible to 
have a consistent behaviour ?

Purpose of this feature:
Being able to compile SCAPI applications that do not statically link with 
org.simalliance.openmobileapi.jar but use the shared library of the device 
instead.

How should the feature be integrated:
Download package for the Android SDK Manager

What's the problem?

Sometimes, we get an IOException "Applet with the defined aid does not exist in 
the SE" when we are trying to open a logical channel. However, the Applet 
exists on the Secure Element.


What steps will reproduce the problem?
1. Connect to a reader and open a logical channel, do some apdu exchanges
2. Close the channel and the session.
3. Open a new session and a new logical channel to another aid.
4. Reopen a logical channel to the first aid, and the exception will be thrown.

What is the expected output? What do you see instead?
we get an IOException "Applet with the defined aid does not exist in the SE" 
instead of an opened logical channel 

What version of the product are you using? On what operating system?
MSC Smartcard Service 2.3.0 which correspond to my issue.

I have seen a new method in SEService since the 2.3.0 release :
private void checkIfAppletAvailable(SmartcardError error) throws IOException {
            Exception exp = error.createException();
            if (exp != null) {
                if(exp instanceof NoSuchElementException) {
                    throw new IOException("Applet with the defined aid does not exist in the SE");
                }
            }
        }


Please provide any additional information below.

What's the problem?
When an applet is not multiple-selectable and is already selected by an app, 
the second app which tries to select it should receive an exception.  What kind 
of exception it should receive?  It should be specified in SmartCard JavaDoc.

Thanks.

Purpose of this feature: Performance improvement


How should the feature be integrated: Globalplatform Access Control enforcer

Due to the communication latency between device and UICC, fetching the Refresh 
tag every time when openLogicalChannel() is called is proved very costly at 
performance.

One of improvement options is to move the Refresh tag fetching from Channel 
layer to Session layer.  In other words, AC enforcer should fetch the Refresh 
tag only when a new session instead of a channel is opened.   Theologically the 
change will booster the performance 40% to 80%.

Thanks.  

What's the problem?


What steps will reproduce the problem?
1. From pcsc_system_service_v098.patch, we found we need put "chmod 4755 
/system/bin/pcscd"
2. 4755 means it has setuid
3. Why pcsc need setuid? Is it safe?

What's the problem?
I am using a P3100 tab. I am not able to put the tab in fastboot mode.
I have heard in xda forums that this tab doesnt support a Fastboot mode.
So how do I flash the ROM - which I have built onto the device

What steps will reproduce the problem?
1. Alternative flashing method (than fastboot)
2. Enabling fastboot on the P3100
3. Any other ideas to flashing a ROM - such as how to use Odin & Whether 
heimdall will work?

What is the expected output? What do you see instead?
1. fastboot devices shows no device
2. The power & volume down combo should show a menu for download & fastboot 
modes. Instead it just boots to download/odin mode.
3. adb reboot bootloader reboots into the OS - not bootloader
4. fastboot oem unlock says waiting for device endlessly

What version of the product are you using? On what operating system?
1. Samsung Galaxy Tab 2 7.0 GT-P3100
2. Ubuntu 10.04
3. I have CWM installed on the tablet
4. The tablet is rooted

Please provide any additional information below.

I have a test that create 10 thread that each does new SEService and GetReaders 
and then so on and so forth all the way down to transmitting APDU in logical 
channel.

What i discovered is that on Android JellyBean device, PackageManager is easily 
craching during that process when one of the thread call GetReaders (becuase of 
out of memory situation0.  Upon further study, there's PackageManager is being 
killed and that trigger uncaught exception on Client level.  With some root 
cause analyze, 2 thing is discover.

1) GetReaders always call AddonTerminal.java getPackageNames always get a whole 
list of all installedPackages
2) then it does an expensive loop of comparison against 2 strings, that can be 
100ms+

If AddonTerminal.getPackagesNames is not thread/process safe, then 
Getinstalledpackages in ObjectManager can also take extended period of time 
that's the case, the long operation can easily be pre-emptted and result in 
large amount of memory being allocated at the same time.  This issue would need 
to be addressed because:

1) because the getPackageManager and string comparison is extremely expensive 
in performance.
2) more importantly, the memory foot print that is needed.

AddonTerminal does not affect the build in Readers (UICC, eSE, uSD), is there 
any real life use case other than for testing purpose?  if not, should it be 
done on the Service.onCreate time and have that information cached?

I am new to Android and NFC development and have encountered the
following
problem that I would like some help to resolve.

I have taken a simple NFC app to communicate with a simple secure
element. My app compiles and loads, but gets the following errors when
starting execution.
06-25 14:19:58.545: I/dalvikvm(5140): Failed resolving Lcom/project/
android/AndroidActivity; interface 38 'Lorg/simalliance/openmobileapi/
SEService$CallBack;'

i inserted the .jar in "Librairies" of Java Build Path.

I don't know what to do.

Thanks for your help.

Nicolas 

Function getSelectResponse()on channel always throws an exception:

01-23 17:09:40.399: ERROR/AndroidRuntime(1868): java.lang.NoSuchMethodError: 
org.simalliance.openmobileapi.Channel.getSelectResponse



What steps will reproduce the problem?
1.Start the application with UICC
2.do openLogicalChannel
3.Then do getSelectResponse() in Channel.

What is the expected output? What do you see instead?
It should work properly.

What version of the product are you using? On what operating system?
2.3.2 for smart-card-api.

Please provide any additional information below.

What's the problem?
After SEService is connected, calling shutdown() without calling getReaders() 
will result in a NULL exception on SEService.  

Here is the partial code to produce the error:
    public void serviceConnected(SEService service) 
    {
        se = service;
        if ( se.isConnected() )
        {
            Log.d(LOG_TAG, "Before SEService shut down!");
            // Reader[] readers = se.getReaders();  /* uncomment it to prevent a NULL exception
            se.shutdown();
            Log.d(LOG_TAG, "After SEService shut down!");
        }
    }


What is the expected output? What do you see instead?
There should not be any exception thrown.

What version of the product are you using? On what operating system?

HTC Amaze 4G

What's the problem?
at protocolTransmit method which is in Terminal.java, there is no filtering 
options on sw2

according to "ETSI_TS_102_221v070200p_Smart cards_UICC Terminal 
Interface_Physical and logical characteristics" and
"info_isoiec7816-4{ed2.0}en" documentation, SW2 is distinctly decleared as below

SW1  SW2       Description
'63' 'F1' - More data expected
'63' 'F2' - More data expected and proactive command pending
'63' '00' - No information given
'63' '81' - File filled up by the last write
'63' 'CX' - Counter from 0 to 15 encoded by 'X' (exact meaning depending on the 
command)

when rsp is 63XX, it always retransmitting for getResponse. even if SW2 is not 
in above table
when SW1 == 63 && SW2(not in above table), I think it must be send rsp to 
application directly 

What is the expected output? What do you see instead?
Code likely to be fixed.
====================================
protected synchronized byte[] protocolTransmit(byte[] cmd) throws CardException 
{
...
    int sw1 = rsp[rsp.length - 2] & 0xFF;
+    int sw2 = rsp[rsp.length - 1] & 0xFF;
...
-    } else if (rsp.length == 2 && sw1 == 0x63) {
+    } else if (rsp.length == 2 && sw1 == 0x63 && (sw2 == 0xF1 || sw2 == 0xF2 
|| sw2 == 0x00 || sw2 == 0x81 || sw2 == 0xCX)) {
...
}

On:
http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html
the GnuPG developers discuss how to use an OpenPGP smart card in a USB card 
reader with GnuPG. 

It would be excellent if the SEEK project not only added hardware cryptography 
for Android applications, but presented the attached cryptographic hardware as 
a standard card reader and (OpenPGP) smart card when plugged into a PC by USB 
(and maybe other standards, such as Bluetooth if possible).

Use case for having this feature implemented:
At the moment, the most practical option for two-factor authentication is to 
buy a smart card reader and smart card. It would be excellent if an Android 
phone could fulfil that role instead for a number of reasons:
* lower cost, if the user already has the phone;
* more convenient, as a lot of users will have their phones with them (as 
opposed to having to carry a card and often a reader); 
* more powerful, as an Android phone has the potential to provide a much more 
complete (and hardware accelerated) implementation than any one smart card; and
* potential for on-device PIN entry.

If the device can pretend to be a standard smart card/reader, the potential is 
quite impressive, as it could nearly-instantly have support in GnuPG, log-ins, 
website authentication etc. I assume that you would want to make sure that the 
device readable by OpenSC:
http://www.opensc-project.org/opensc/wiki/OverView and the Linux kernel Crypto 
API.

To clarify, what I am looking to do is buy a 
http://www.gd-sfs.com/the-mobile-security-card/ put it into my Android phone, 
plug my Android phone into my Ubuntu Linux computer and have Ubuntu (and GnuPG) 
see the mobile security card and phone as a standard smart card that I can use 
to log on, sign emails etc.

I would have thought that adding this capability to Android would help your 
other aims, as cryptography on the Android currently suffers the chicken-egg 
problem. With users using the Android as a smart card reader, there will 
quickly be a large demand on the cryptographic functions of the device (as a 
large number of desktop applications can use cryptography), which will 
encourage the hardware acceleration sufficient to encourage adoption by Android 
applications.

mReaders is defined as a non final private field in SEService.
The value is reset on each invocation of getReaders() (line #171)
However the code relies on mReaders for thread syncronization in shutdown code, 
while the variable can possible reset leading to a race.

In addition, onServiceDisconnected callback also syncronizes on mReaders. In 
case the user never called getReader mReaders will be equal to null leading to 
syncronization on null variable.

According to GP Secure Element AC spec 1.0 (section 4.2), there are 2 ways for 
the Enforcer to be implemented:  1. Pre-Cache Rules and Refresh Tag mechanism.  
2. Instant Query mechanism, which means that the access control enforcer would 
never query rules up front; instead, on each open logical channel action, the 
Access Control enforcer retrieves the rules associated to the AID & the cert 
hash from ARA applet to determine the permission.   

Looking into the code of SC 2.4, it seems to me that the implementation does 
not follow any of the two mechanisms that GP specified.

Here is a scenario that could cause an error to evaluate access control rules:

1. App-A opens a logical channel to AID-1. As a result, GPAC enforcer loads the 
access control rules associated with AID-1.
2. App-B opens a logical channel to AID-2. As a result, GPAC enforcer loads the 
access control rules associated with AID-2.
3. OTA adds an access control rule to AID-2.  The value of Refresh tag is 
changed accordingly.
4. App-A opens a logical channel to AID-1. As the value of Refresh Tag is 
changed, GPAC enforcer re-loads the access control rules associated to AID-1.  
The new value of Refresh Tag also replaces the current Refresh tag.
5. App-B opens a logical channel to AID-2. Due to the value of Refresh Tag is 
unchanged, GPAC enforcer uses the cashed access control rules associated to 
AID-2, which is out of date as the rules have been changed since step 3.

[deleted issue]

SIM cards that support T=1 only are not supported by the emulator. Include 
proper handling to handle T=0 and T=1

Purpose of this feature: To full support GP Access Control and to be GP Access 
Control compliant.

How should the feature be integrated: To integrate NFC-AR-DO with Android NFC 
Services and replace the nfcee_access.xml scheme.

Use case for having this feature implemented: The access control for 
connectivity and transaction events on Android should be GPAC compliant instead 
of Android's proprietary approach (i.e. nfcee_access.xml).

Hi,

We are able to successfully build the source code for Android 4.0.3 and able to 
apply the patches of  smartcard-api-2_4_0.tgz. 

But now we want to try a sample program through emulator for which you had 
mentioned to go through PCSC support and patch for it. But we are able to find 
the patch for only upto pcsc_systemservice_v098.patch(for SmartCard API 2.3.0 
and Android 2.3.7r1) only.

 If we apply that patch we are getting HUNK failed messages, which will come for version compatabilities as per our knowledge.

So could you please tell us whether pcsc patch is available for Android 
source4.0.3 version?

If so Could you please provide us the link to download it? and if not Could you 
please guide us how to run a sample program through Emulator??

Thanks in advance...

On Android, a service could potentially be killed for varvious reason.  like a 
service it is depending on has died.  Anyway, the issue is that while there's 
cleanup logic on SEService Client API level on Service unBind and also 
SmartCardService onDestroy, it would not cover the situation if the process is 
killed.

To reproduce it
1. Have an application that open all the possible logical channel to UICC with 
SEEK (e.g. using a multiselectable Applet)
2. on debug DDMS, kill remote SmartCardService API (SEEK) process
3. Client close the session and shutdown the SEService on SEEK
4. Attemp to open a logical channel with SEEK again

- on 4), client should be able to open new channel again with a new SEService
- in reality, when Client close the session and shutdown the SEService, since 
the service it is associated with is already killed, that unbind the service 
and result in the cleanup logic from client level no longer working correctly.
- neither would the SmartCardService onDestroy would run because the process is 
killed

As a brainstorm solution idea:
- SmartCardService is keeping track on channel that is opened so it can do 
cleanup probably if onDestroy is triggered, but that is not presistent, so if 
onDestroy is not called, no cleanup would run.
- If opened channel is kept presistent, then when SmartCardService is 
started/restarted, it checks with any opened channels and close them properly.

Access Control relies on logical channel support to check for proper access 
control rules. If the SIM does not support logical channels, no access is 
granted.

EAP-SIM is a typical use case where SIM access on the basic channel is required 
without the need to have logical channel support as well.

Moto Xoom with ASSD patched into kernel 'android-tegra-moto-2.6.39-ics-mr1' 
with SCAPI 2.3.2 & 2.3.3

No USB connection, after device wakes up, no ASSD access possible

What steps will reproduce the problem?
1. Load multiple applets in SIM connected with T=0
2. Run GP GET STATUS command where response is more than one APDU
3. 6310 is returned, SCAPI should take care of protocol handling like with 61xx

What is the expected output? What do you see instead?
expected:
-> 81 F2 20 00 0A 4F 00
   <- 63 10
   -> 01 C0 00 00 00
   <- 6C FF
   -> 01 C0 00 00 FF
<- <FF data> 90 00

actual:
-> 81 F2 20 00 0A 4F 00
<- 63 10

Hii,

I am able to successfully build the 4.0.3 source with emulator support(but not 
for any real device) in ubuntu12.10.

Actually, My development environment is Windows. Now how can I integrate this 
build with my windows so that I can work on Eclipse on my windows using 
emulator. 

And one more question Can I run java card applet on emulator using the above 
build?? If possible how can I do that? and what are the pre-requisites.

Please help me.. Thanks in advance..

Hello!

SEService getReaders returns null, when using openmobileapi.
But, using android.smartcard.jar everything is good.
What might be the problem?

Thanks in advance.

What steps will reproduce the problem?
1.OpenLogicalChannel() to four applets of different AIDs or to an 
multi-selectable applet 4 times
2.When all channels are used, the new request of OpenLogicalChannel() should 
fail.

What is the expected output? What do you see instead?
The expected result should be defined.   An exception should be thrown, or a 
null should be returned.

Please provide the patch of Smartcard API without GP access control enforcer 
for JB 4.1.

Thanks.

What's the problem?
APDU Class 4 doesn't work on Samsung Galaxy S3 (GT-I9300)


What steps will reproduce the problem?
1. Send any APDU class 4 command with non-empty command data (for example, 
Global Platform Initialize Update) using channel.transmit.

What is the expected output? What do you see instead?
Response Data is expected, but only SW 9000 is returned.

What version of the product are you using? On what operating system?
Smart Card API 2.3.2. Samsung GT-I9300. Android 4.0.4. OS Build: 
IMM76D.I9300XXALEF. Baseband: I9300XXLEF. All the same as in Device Support 
Wiki section.

Please provide any additional information below.
Response is returned fine in there is no command data. Tested with Card 
Manager, custom applets - same result everywhere.

What's the problem?
When using android.smartcard.jar from svn, I'm always getting "reader must not 
be null". If I use android.smartcard.jar available in 
http://seek-for-android.googlecode.com/files/MSC_SmartcardService-1_5.tgz it 
runs fine.

What steps will reproduce the problem?
1. Generate SmartcardSample.apk from svn;
2. Run it in your device;

What is the expected output? What do you see instead?
It should work like mentioned in 
http://code.google.com/p/seek-for-android/wiki/MscSmartcardService

What version of the product are you using? On what operating system?
Android SDK 2.1 - Motorola MB502

Please provide any additional information below.
Easy to reproduce, pretty straight forward.

When the access control applet is not multi-selectable (which is the case on 
most Vendor’s implementation), access control checking mechanism can be 
preempted and cause undesired behavior.  Think of multiple clients or multiple 
threads trying to use openLogicalChannel against their respected AIDs at the 
same time, but during access control checking on the first thread, it is being 
preempted.  The 2nd thread would get a Security Exception, because they would 
be getting error when AC applet is already selected (and not release yet) and 
cannot be select a 2nd time.  This is a wrong behavior, because the checking of 
access control is transparent to SEEK user and Security Exception should only 
be thrown if access is denied (not because of limitation on cannot be 
multi-selecting the applet).

There’re 2 possible solutions for this:
1)  Support multi-selectable on Access Control Applet, which is not currently a 
mandated requirement, and there’re some complication to handle OTA rule 
update correctly when someone is querying the data at the same time
2)  Or, make the enforcer access control rule checking be thread safe.

While 1st approach might be the ultimate solution if implemented properly, 2nd 
approach is something that can be implemented by SEEK, based on the current 
known limitation on applet, without any dependency.
Simply by making sure the Access Control checking, from the time it open the AC 
applet until closes the channel to it is locked by a critical section.  It can 
be done by adding the “synchronized” keyword to the following function 
signature:

In src/org/simalliance/openmobileapi/service/security/AccessController.java

public ChannelAccess enableAccesssConditions(ITerminal terminal, byte[] aid, 
String callerPakcageName, ISmartcardServiceCallback callback, SmartcardError 
error) throws Exception

become

public <b>synchronized</b> ChannelAccess enableAccesssConditions(ITerminal 
terminal, byte[] aid, String callerPakcageName, ISmartcardServiceCallback 
callback, SmartcardError error) throws Exception