authorRuchika Gupta <ruchika.gupta@linaro.org>2021-01-12 12:24:21 +0530
committerJérôme Forissier <jerome@forissier.org>2021-01-15 09:07:09 +0100
commit5db0fef4eeaf6517fcb0b5be2735733d9bd55f51 (patch)
tree1e29b10441e97d41b5905fade5fa1ea7a61b051c
parent19cb73dd990d1512b6ca0cc4ecaac1fded4049b0 (diff)
ta: pkcs11: Access check for private objects
Private objects of a session/token are accessible only in a R/O or R/W user session, i.e. if a user is logged in. A R/O or R/W public session or a R/W SO session cannot access these private objects. The check for an SO session was missing in the logic that checks access to private objects. This has now been added. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
-rw-r--r--ta/pkcs11/src/pkcs11_attributes.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/ta/pkcs11/src/pkcs11_attributes.c b/ta/pkcs11/src/pkcs11_attributes.c
index ae018e27..5a27ddfe 100644
--- a/ta/pkcs11/src/pkcs11_attributes.c
+++ b/ta/pkcs11/src/pkcs11_attributes.c
@@ -911,8 +911,9 @@ enum pkcs11_rc check_access_attrs_against_token(struct pkcs11_session *session,
return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
}
- if (private && pkcs11_session_is_public(session)) {
- DMSG("Private object access from a public session");
+ if (private && (pkcs11_session_is_public(session) ||
+ pkcs11_session_is_so(session))) {
+ DMSG("Private object access from a public or SO session");
return PKCS11_CKR_USER_NOT_LOGGED_IN;
}
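Review bot: The private-object guard in check_access_attrs_against_token() is still written as a deny-list (`pkcs11_session_is_public(session) || pkcs11_session_is_so(session)`), which is the same shape that let the SO case slip through before this fix. Any session state added later would be allowed by default, so a positive test for a logged-in user session, if the session helpers offer one, would make the check fail closed. A short comment above the condition would also record the policy, for example `/* Private objects require a logged-in user session: public and SO sessions are refused */`. The function starts and continues outside this hunk, so whether other object access paths apply the same SO exclusion cannot be confirmed from here and is worth checking alongside a regression test for the SO session case.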