DownTips give you in detail what is PERM-AR-DO.
The data object is PERM-AR-DO (tag 0xDB), just as the other data objects defined on the Downtips page (DeviceAppID-REF-DO with SHA-256 and PKG-REF-DO), is a Google-specific extension to the GP Secure Element Access Control specification. Consequently, you won’t find anything about these DOs in the GP specifications.
We assume we can grant access to all carrier-based permissions or have a finer-grained control. What will define the mapping between the bit mask and the actual permissions then? One permission per class? One permission per method specifically? Will 64 separate permissions be enough in the long run?
So the answer is that the interpretation of this is not yet defined. This is also reflected in the Android source code that parses the access rules.
Here is the code:
else
if (rule.startsWith(TAG_AR_DO))
{
TLV arDo = new TLV(TAG_AR_DO); //E3
rule = arDo.parse(rule, false);
// Skip unrelated rules.
if (!arDo.value.startsWith(TAG_PERM_AR_DO))
{
return null;
}
TLV permDo = new TLV(TAG_PERM_AR_DO); //DB
permDo.parse(arDo.value, true);
}
else This code parses the AR-DO and extracts the PERM-AR-DO but then simply drops the extracted value (permDo).
The resulting AccessRule object contains a value accessType which is always set to 0.
long accessType = 0;
AccessRule accessRule = new AccessRule(IccUtils.hexStringToBytes(certificateHash),
packageName, accessType);
