path: root/ks_volatile.c
author: Rob Austein <sra@hactrn.net> 2016-11-14 18:22:15 -0500
committer: Rob Austein <sra@hactrn.net> 2016-11-14 18:22:15 -0500
commit: 2806585aad4b4910156cbaa24c8ea027c572365f (patch)
tree: 5a75b0dbd844ed93864a9c647484ce3fbca82ebd /ks_volatile.c
parent: b448b28f538517556f3d35dee81dbf07d433df60 (diff)
Tweak pkey access control to allow wheel to see keys.
The current pkey access control rules are a bit complex, because they need to support the somewhat complex rules required by PKCS #11. This is fine, as far as it goes, but a strict interpretation leaves HAL_USER_NORMAL as the only user able to see many keys. This is confusing when using the CLI, to put it mildly. HAL_USER_WHEEL is intended for exactly this sort of thing: it's a user ID which, by definition, can never appear in an RPC call from PKCS to see the same keys that HAL_USER_NORMAL would. HAL_USER_SO remains restricted per the PKCS #11 rules.
Diffstat (limited to 'ks_volatile.c')
0 files changed, 0 insertions, 0 deletions