author | Ruchika Gupta <ruchika.gupta@linaro.org> | 2021-01-12 12:24:21 +0530 |
---|---|---|
committer | Jérôme Forissier <jerome@forissier.org> | 2021-01-15 09:07:09 +0100 |
commit | 5db0fef4eeaf6517fcb0b5be2735733d9bd55f51 (patch) | |
tree | 1e29b10441e97d41b5905fade5fa1ea7a61b051c | |
parent | 19cb73dd990d1512b6ca0cc4ecaac1fded4049b0 (diff) |
ta: pkcs11: Access check for private objects
Private objects of a session/token are accessible only
in a R/O or R/W user session, i.e. if a user is logged in.
R/O or R/W public session or a R/W SO session cannot
access these private objects. Check for SO session
was missing in the logic when checking for access of
private objects. This has now been added.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
-rw-r--r-- | ta/pkcs11/src/pkcs11_attributes.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ta/pkcs11/src/pkcs11_attributes.c b/ta/pkcs11/src/pkcs11_attributes.c index ae018e27..5a27ddfe 100644 --- a/ta/pkcs11/src/pkcs11_attributes.c +++ b/ta/pkcs11/src/pkcs11_attributes.c @@ -911,8 +911,9 @@ enum pkcs11_rc check_access_attrs_against_token(struct pkcs11_session *session, return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; } - if (private && pkcs11_session_is_public(session)) { - DMSG("Private object access from a public session"); + if (private && (pkcs11_session_is_public(session) || + pkcs11_session_is_so(session))) { + DMSG("Private object access from a public or SO session"); return PKCS11_CKR_USER_NOT_LOGGED_IN; } |
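Review bot: The new condition in check_access_attrs_against_token() denies private-object access by enumerating the session states that must not see it (pkcs11_session_is_public() or pkcs11_session_is_so()) instead of requiring the one state the commit message says is allowed, a logged-in user session. Consider expressing it as a single "not a user session" test, using a user-session predicate if one is available or adding one next to the two helpers used here, so the check fails closed if another session state is introduced later; the SO case was missed precisely because the original test listed what to reject. The diffstat shows only pkcs11_attributes.c changed, so a regression test that requests a private object from an SO session and expects PKCS11_CKR_USER_NOT_LOGGED_IN would be worth adding with this fix. Minor: the DMSG now covers two cases with one message; logging which of the two triggered the rejection would make debug traces easier to read.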