From 25319c5184dcabe31a57685e487a541300ebca41 Mon Sep 17 00:00:00 2001
From: Philipp Maier <pmaier@sysmocom.de>
Date: Fri, 6 Dec 2024 16:03:21 +0100
Subject: [PATCH] ara_m fix export of AID-REF-DO (empty)

GPD_SPE_013 Table 6-3 defines two types of AID-REF-DO objects (both
are fully independed TLV IEs with the same name). The version with
tag '4F' identifies an SE application. It may contain an AID prefix
or even be of length 0 in case the rule should apply to all SE
applications. Then there is the version with tag 'C0', which must
always have length 0 and serves a flag to apply the rule to the
implicitly selected SE application. Technically both are completely
different things, so we must also treat them separately in the
pySim-shell code.

Related: OS#6681
Change-Id: I771d5e860b12215280e3d0a8c314ce843fe0d6a2
---
 pySim/ara_m.py                                | 20 ++++++++++++-------
 tests/pySim-shell_test/ara_m/adf_ara-m.cfg.ok |  2 +-
 .../ara_m/adf_ara-m.script.ok                 |  2 +-
 tests/pySim-shell_test/ara_m/test.script      |  2 +-
 4 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/pySim/ara_m.py b/pySim/ara_m.py
index f4da31df..7a0f93f3 100644
--- a/pySim/ara_m.py
+++ b/pySim/ara_m.py
@@ -320,9 +320,9 @@ class ADF_ARAM(CardADF):
             '--device-app-id', required=True, help='Identifies the specific device application that the rule appplies to. Hash of Certificate of Application Provider, or UUID. (20/32 hex bytes)')
         aid_grp = store_ref_ar_do_parse.add_mutually_exclusive_group()
         aid_grp.add_argument(
-            '--aid', help='Identifies the specific SE application for which rules are to be stored. Can be a partial AID, containing for example only the RID.  (5-16 hex bytes)')
+            '--aid', help='Identifies the specific SE application for which rules are to be stored. Can be a partial AID, containing for example only the RID. (5-16 or 0 hex bytes)')
         aid_grp.add_argument('--aid-empty', action='store_true',
-                             help='No specific SE application, applies to all applications')
+                             help='No specific SE application, applies to implicitly selected application (all channels)')
         store_ref_ar_do_parse.add_argument(
             '--pkg-ref', help='Full Android Java package name (up to 127 chars ASCII)')
         # AR-DO
@@ -423,10 +423,13 @@ class CardApplicationARAM(CardApplication):
         # matching key.
         if dictlist is None:
             return None
-        obj = None
         for d in dictlist:
-            obj = d.get(key, obj)
-        return obj
+            if key in d:
+                obj = d.get(key)
+                if obj is None:
+                    return ""
+                return obj
+        return None
 
     @staticmethod
     def __export_ref_ar_do_list(ref_ar_do_list):
@@ -437,6 +440,7 @@ class CardApplicationARAM(CardApplication):
         if ref_do_list and ar_do_list:
             # Get ref_do parameters
             aid_ref_do = CardApplicationARAM.__export_get_from_dictlist('aid_ref_do', ref_do_list)
+            aid_ref_empty_do = CardApplicationARAM.__export_get_from_dictlist('aid_ref_empty_do', ref_do_list)
             dev_app_id_ref_do = CardApplicationARAM.__export_get_from_dictlist('dev_app_id_ref_do', ref_do_list)
             pkg_ref_do = CardApplicationARAM.__export_get_from_dictlist('pkg_ref_do', ref_do_list)
 
@@ -447,9 +451,11 @@ class CardApplicationARAM(CardApplication):
 
             # Write command-line
             export_str += "aram_store_ref_ar_do"
-            if aid_ref_do:
+            if aid_ref_do is not None and len(aid_ref_do) > 0:
                 export_str += (" --aid %s" % aid_ref_do)
-            else:
+            elif aid_ref_do is not None:
+                export_str += " --aid \"\""
+            if aid_ref_empty_do is not None:
                 export_str += " --aid-empty"
             if dev_app_id_ref_do:
                 export_str += (" --device-app-id %s" % dev_app_id_ref_do)
diff --git a/tests/pySim-shell_test/ara_m/adf_ara-m.cfg.ok b/tests/pySim-shell_test/ara_m/adf_ara-m.cfg.ok
index 5520a6b8..a81f8fcc 100644
--- a/tests/pySim-shell_test/ara_m/adf_ara-m.cfg.ok
+++ b/tests/pySim-shell_test/ara_m/adf_ara-m.cfg.ok
@@ -110,7 +110,7 @@
                     {
                         "ref_do": [
                             {
-                                "aid_ref_do": "ffffffffffdd"
+                                "aid_ref_do": null
                             },
                             {
                                 "dev_app_id_ref_do": "a1234567890123bb1f140de987aaa891bbbf0bdd"
diff --git a/tests/pySim-shell_test/ara_m/adf_ara-m.script.ok b/tests/pySim-shell_test/ara_m/adf_ara-m.script.ok
index 79c20ebc..22964924 100644
--- a/tests/pySim-shell_test/ara_m/adf_ara-m.script.ok
+++ b/tests/pySim-shell_test/ara_m/adf_ara-m.script.ok
@@ -7,7 +7,7 @@
 # Decoded FCP Template: None
 select MF/ADF.ARA-M
 aram_delete_all
-aram_store_ref_ar_do --aid ffffffffffdd --device-app-id a1234567890123bb1f140de987aaa891bbbf0bdd --apdu-filter aabbccdd010203041122334405060708 --nfc-never --android-permissions 0000000000000004
+aram_store_ref_ar_do --aid "" --device-app-id a1234567890123bb1f140de987aaa891bbbf0bdd --apdu-filter aabbccdd010203041122334405060708 --nfc-never --android-permissions 0000000000000004
 aram_store_ref_ar_do --aid ffffffffffcc --device-app-id a1234567890aaabb1f140de987657891a04f0bdd --apdu-filter aabbccdd01020304 --nfc-always --android-permissions 0000000000000004
 aram_store_ref_ar_do --aid ffffffffffbb --device-app-id aa6872f28b340b2345678905d5c2bbd5a04f0bdd --apdu-always --nfc-always --android-permissions 0000000000000004
 aram_store_ref_ar_do --aid ffffffffffaa --device-app-id aa6872787654334567840de535c2bbd5a04f0baa --apdu-never --nfc-never --android-permissions 0000000000000004
diff --git a/tests/pySim-shell_test/ara_m/test.script b/tests/pySim-shell_test/ara_m/test.script
index e6db7496..2b599254 100644
--- a/tests/pySim-shell_test/ara_m/test.script
+++ b/tests/pySim-shell_test/ara_m/test.script
@@ -10,7 +10,7 @@ aram_delete_all
 aram_store_ref_ar_do --aid ffffffffffaa --device-app-id aa6872787654334567840de535c2bbd5a04f0baa --apdu-never --nfc-never --android-permissions 0000000000000004
 aram_store_ref_ar_do --aid ffffffffffbb --device-app-id aa6872f28b340b2345678905d5c2bbd5a04f0bdd --apdu-always --nfc-always --android-permissions 0000000000000004
 aram_store_ref_ar_do --aid ffffffffffcc --device-app-id a1234567890aaabb1f140de987657891a04f0bdd --apdu-filter aabbccdd01020304 --nfc-always --android-permissions 0000000000000004
-aram_store_ref_ar_do --aid ffffffffffdd --device-app-id a1234567890123bb1f140de987aaa891bbbf0bdd --apdu-filter aabbccdd010203041122334405060708 --nfc-never --android-permissions 0000000000000004
+aram_store_ref_ar_do --aid "" --device-app-id a1234567890123bb1f140de987aaa891bbbf0bdd --apdu-filter aabbccdd010203041122334405060708 --nfc-never --android-permissions 0000000000000004
 
 # Export ADF.ARA-M to a temporary script file
 export --filename ADF.ARA-M > adf_ara-m.script.tmp