I whould like to differenciate the ACLs and DF for the PIN protected and
non-protected Data objects.
The most inoffensive way to do it, IMHO, is to change the prototype
of 'new_file' entry in the 'sc_pkcs15init_operations';
int (*new_file)(struct sc_profile *, struct sc_card *, unsigned int
object_type, unsigned int, struct sc_file **out);
int (*new_file)(struct sc_profile *, struct sc_card *, struct
sc_pkcs15_object *obj, unsigned int, struct sc_file **out);
This entry belongs to the old-style API and currently used only by MICOS
and Oberthur pkcs15init modules.
This modification will permit more subtile card-specific control over
the DATA object
(it's also true for the other object types) from the card-specific
pkcs15init module and profile.