Secure element Access Control on ICS 4.0.4

Question

I updated my Android phone to 4.0.4 and i noticed that a new file nfcee access.xml appeared in the system folder. The idea of the file as far as i understood is the

Answer 1

This is interesting indeed. If entering your certificate and package name in this file is all that is needed, you shouldn't need to talk to Google, just get whoever is building the ROM (yourself if custom ROM, or a particular carrier) to include it. The bigger problem though is, who do you need to talk to to get the CardManager keys. If it is the carrier, you can also get them to pre-install your applet, so you might not need the keys at runtime (unless you want to use a secure channel to your applet).

Update: Here's a summary of SE support in Android and some more info on how to use the embedded one. In short, it does work, but you can only query stuff of course. It runs JavaCard and is GP 2.1.1 compatible, uses 3DES keys for the secure channel.

http://nelenkov.blogspot.com/2012/08/accessing-embedded-secure-element-in.html

http://nelenkov.blogspot.com/2012/08/android-secure-element-execution.html

BTW, here's the currently allowed cert on my GN 4.0.4. A package is not specified, so any app signed with it will get access to the SE:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a8:cd:17:c9:3d:a5:d9:90
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Google NFC
        Validity
            Not Before: Mar 24 01:06:53 2011 GMT
            Not After : Aug  9 01:06:53 2038 GMT
        Subject: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Google NFC