Core: Add dependency support
According to PSA FF, if access between a client Secure Partition and an
RoT Service is not specified in the manifest, then the client is not
allowed to connect to the RoT Service.
Change-Id: Iae45242a143981658e3fd73576b5a8f7f054a7bd
Signed-off-by: Edison Ai <edison.ai@arm.com>
diff --git a/secure_fw/spm/spm_api_ipc.c b/secure_fw/spm/spm_api_ipc.c
index 4933e97..6eed0c0 100644
--- a/secure_fw/spm/spm_api_ipc.c
+++ b/secure_fw/spm/spm_api_ipc.c
@@ -262,6 +262,38 @@
return IPC_SUCCESS;
}
+int32_t tfm_spm_check_authorization(uint32_t sid,
+ struct tfm_spm_service_t *service,
+ int32_t ns_caller)
+{
+ struct spm_partition_desc_t *partition = NULL;
+ int32_t i;
+
+ TFM_ASSERT(service);
+
+ if (ns_caller) {
+ if (!service->service_db->non_secure_client) {
+ return IPC_ERROR_GENERIC;
+ }
+ } else {
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_panic();
+ }
+
+ for (i = 0; i < partition->static_data->dependencies_num; i++) {
+ if (partition->static_data->p_dependencies[i] == sid) {
+ break;
+ }
+ }
+
+ if (i == partition->static_data->dependencies_num) {
+ return IPC_ERROR_GENERIC;
+ }
+ }
+ return IPC_SUCCESS;
+}
+
/* Message functions */
struct tfm_msg_body_t *tfm_spm_get_msg_from_handle(psa_handle_t msg_handle)
{