author | Pascal Brand <pascal.brand@st.com> | 2015-02-12 04:54:57 +0100 |
---|---|---|
committer | Pascal Brand <pascal.brand@st.com> | 2015-02-12 11:37:13 +0100 |
commit | abd4a75004477efc5c3d6f9eb18f68737b5c394e (patch) | |
tree | e17f4e679d8367dc8fa88fc3433a6fcf918e8c2c | |
parent | c2e1a0531e54ece819320f3c18756601d0a971e8 (diff) |
Persistent Object Sharing Rules adjust with respect to GP v1.1
This patch implements this part of the GlobalPlatform Internal Core API v1.1
Multiple handles may be opened on the same object simultaneously using
the functions TEE_OpenPersistentObject or TEE_CreatePersistentObject,
but sharing MUST be explicitly allowed. More precisely, at any one
time the following constraints apply: If more than one handle is opened
on the same object, and if any of these object handles was opened with
the flag TEE_DATA_FLAG_ACCESS_READ, then all the object handles MUST have
been opened with the flag TEE_DATA_FLAG_SHARE_READ. There is a corresponding
constraint with the flags TEE_DATA_FLAG_ACCESS_WRITE and
TEE_DATA_FLAG_SHARE_WRITE. Accessing an object with write-meta rights is
exclusive and can never be shared.
When one of the functions TEE_OpenPersistentObject or
TEE_CreatePersistentObject is called and if opening the object would violate
these constraints, then the function returns the return code
TEE_ERROR_ACCESS_CONFLICT.
Fix #174
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Suggested-by: xlyu <jpmhesheit@gmail.com>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>
-rw-r--r-- | core/tee/tee_pobj.c | 40 |
1 files changed, 32 insertions, 8 deletions
diff --git a/core/tee/tee_pobj.c b/core/tee/tee_pobj.c
index 7c2d97c..3f1b486 100644
--- a/core/tee/tee_pobj.c
+++ b/core/tee/tee_pobj.c
@@ -37,18 +37,42 @@ static TAILQ_HEAD(tee_pobjs, tee_pobj) tee_pobjs =
 static TEE_Result tee_pobj_check_access(uint32_t oflags, uint32_t nflags)
 {
 /* meta is exclusive */
- if (oflags | TEE_DATA_FLAG_ACCESS_WRITE_META ||
- nflags | TEE_DATA_FLAG_ACCESS_WRITE_META)
+ if ((oflags & TEE_DATA_FLAG_ACCESS_WRITE_META) ||
+ (nflags & TEE_DATA_FLAG_ACCESS_WRITE_META))
 return TEE_ERROR_ACCESS_CONFLICT;
- if (oflags | TEE_DATA_FLAG_ACCESS_READ &&
- !((nflags | TEE_DATA_FLAG_SHARE_READ) &&
- oflags | TEE_DATA_FLAG_SHARE_READ))
+ /*
+ * Excerpt of TEE Internal Core API Specification v1.1:
+ * If more than one handle is opened on the same object, and if any
+ * of these object handles was opened with the flag
+ * TEE_DATA_FLAG_ACCESS_READ, then all the object handles MUST have been
+ * opened with the flag TEE_DATA_FLAG_SHARE_READ
+ */
+ if (((oflags & TEE_DATA_FLAG_ACCESS_READ) ||
+ (nflags & TEE_DATA_FLAG_ACCESS_READ)) &&
+ !((nflags & TEE_DATA_FLAG_SHARE_READ) &&
+ (oflags & TEE_DATA_FLAG_SHARE_READ)))
 return TEE_ERROR_ACCESS_CONFLICT;
- if (oflags | TEE_DATA_FLAG_ACCESS_WRITE &&
- !((nflags | TEE_DATA_FLAG_SHARE_WRITE) &&
- oflags | TEE_DATA_FLAG_SHARE_WRITE))
+ /*
+ * Excerpt of TEE Internal Core API Specification v1.1:
+ * An object can be opened with only share flags, which locks the access
+ * to an object against a given mode.
+ * An object can be opened with no flag set, which completely locks all
+ * subsequent attempts to access the object
+ */
+ if ((nflags & TEE_DATA_FLAG_SHARE_READ) !=
+ (oflags & TEE_DATA_FLAG_SHARE_READ))
+ return TEE_ERROR_ACCESS_CONFLICT;
+
+ /* Same on WRITE access */
+ if (((oflags & TEE_DATA_FLAG_ACCESS_WRITE) ||
+ (nflags & TEE_DATA_FLAG_ACCESS_WRITE)) &&
+ !((nflags & TEE_DATA_FLAG_SHARE_WRITE) &&
+ (oflags & TEE_DATA_FLAG_SHARE_WRITE)))
+ return TEE_ERROR_ACCESS_CONFLICT;
+ if ((nflags & TEE_DATA_FLAG_SHARE_WRITE) !=
+ (oflags & TEE_DATA_FLAG_SHARE_WRITE))
 return TEE_ERROR_ACCESS_CONFLICT;
 return TEE_SUCCESS; |
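Review bot: The READ half and the WRITE half of tee_pobj_check_access are the same two conditions written twice with a different ACCESS/SHARE flag pair, and the WRITE copy carries only `/* Same on WRITE access */` where the READ copy carries the spec excerpt; a small static helper taking the pair would keep the two in lock-step and let the rule be documented once. Read together, the access test and the equality test reject a new handle when its SHARE_x bit differs from the existing handle's, or when neither handle has SHARE_x but either has ACCESS_x — that combined rule is worth stating in one comment above the checks, since it is not obvious from the spec excerpts alone. The signature also does not say which argument is which; the names suggest oflags belongs to an already-open handle and nflags to the handle being opened, and a comment such as `/* oflags: flags of an existing handle on the object; nflags: flags of the handle being opened */` would make that precondition explicit (the caller is outside the hunk, so this is inferred). The helper below preserves the current checks and return codes exactly.

```c
/*
 * Apply the GP v1.1 sharing rule for one ACCESS/SHARE flag pair: if either
 * handle has @access then both must have @share, and the @share bit must
 * agree between the two handles.
 */
static TEE_Result tee_pobj_check_share(uint32_t oflags, uint32_t nflags,
				       uint32_t access, uint32_t share)
{
	if (((oflags & access) || (nflags & access)) &&
	    !((nflags & share) && (oflags & share)))
		return TEE_ERROR_ACCESS_CONFLICT;
	if ((nflags & share) != (oflags & share))
		return TEE_ERROR_ACCESS_CONFLICT;
	return TEE_SUCCESS;
}

static TEE_Result tee_pobj_check_access(uint32_t oflags, uint32_t nflags)
{
	TEE_Result res;

	/* … unchanged: write-meta exclusivity check … */

	res = tee_pobj_check_share(oflags, nflags, TEE_DATA_FLAG_ACCESS_READ,
				   TEE_DATA_FLAG_SHARE_READ);
	if (res != TEE_SUCCESS)
		return res;

	return tee_pobj_check_share(oflags, nflags, TEE_DATA_FLAG_ACCESS_WRITE,
				    TEE_DATA_FLAG_SHARE_WRITE);
}
```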