appid: add null checker

tock · May 14, 2024 · e2c71fd · e2c71fd
1 parent ef96f80
commit e2c71fd
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 47 deletions.
diff --git a/boards/components/src/appid/checker.rs b/boards/components/src/appid/checker.rs
@@ -14,8 +14,7 @@ macro_rules! process_checker_machine_component_static {
     };};
 }
 
-pub type ProcessCheckerMachineComponentType =
-    capsules_system::process_checker::basic::AppCheckerSha256;
+pub type ProcessCheckerMachineComponentType = kernel::process::ProcessCheckerMachine;
 
 pub struct ProcessCheckerMachineComponent {
     policy: &'static dyn kernel::process_checker::AppCredentialsPolicy<'static>,

diff --git a/boards/components/src/appid/checker_null.rs b/boards/components/src/appid/checker_null.rs
@@ -0,0 +1,36 @@
+// Licensed under the Apache License, Version 2.0 or the MIT License.
+// SPDX-License-Identifier: Apache-2.0 OR MIT
+// Copyright Tock Contributors 2024.
+
+//! Component for creating a NULL process checking machine that approves all
+//! processes.
+
+use core::mem::MaybeUninit;
+use kernel::component::Component;
+
+#[macro_export]
+macro_rules! app_checker_null_component_static {
+    () => {{
+        kernel::static_buf!(capsules_system::process_checker::basic::AppCheckerNull);
+    };};
+}
+
+pub type AppCheckerNullComponentType = capsules_system::process_checker::basic::AppCheckerNull;
+
+pub struct AppCheckerNullComponent {}
+
+impl AppCheckerNullComponent {
+    pub fn new() -> Self {
+        Self {}
+    }
+}
+
+impl Component for AppCheckerNullComponent {
+    type StaticInput =
+        &'static mut MaybeUninit<capsules_system::process_checker::basic::AppCheckerNull>;
+    type Output = &'static capsules_system::process_checker::basic::AppCheckerNull;
+
+    fn finalize(self, s: Self::StaticInput) -> Self::Output {
+        s.write(capsules_system::process_checker::basic::AppCheckerNull::new())
+    }
+}
diff --git a/boards/components/src/appid/mod.rs b/boards/components/src/appid/mod.rs
@@ -4,4 +4,5 @@
 
 pub mod assigner_name;
 pub mod checker;
+pub mod checker_null;
 pub mod checker_sha;
diff --git a/capsules/system/src/process_checker/basic.rs b/capsules/system/src/process_checker/basic.rs
@@ -20,45 +20,16 @@ use kernel::ErrorCode;
 use tock_tbf::types::TbfFooterV2Credentials;
 use tock_tbf::types::TbfFooterV2CredentialsType;
 
-/// A sample Credentials Checking Policy that loads and runs Userspace
-/// Binaries with unique process names; if it encounters a Userspace
-/// Binary with the same process name as an existing one it fails the
-/// uniqueness check and is not run.
-pub struct AppCheckerSimulated<'a> {
-    deferred_call: DeferredCall,
-    client: OptionalCell<&'a dyn AppCredentialsPolicyClient<'a>>,
-    credentials: OptionalCell<TbfFooterV2Credentials>,
-    binary: OptionalCell<&'a [u8]>,
-}
+/// A sample Credentials Checking Policy that approves all apps.
+pub struct AppCheckerNull {}
 
-impl<'a> AppCheckerSimulated<'a> {
+impl<'a> AppCheckerNull {
     pub fn new() -> Self {
-        Self {
-            deferred_call: DeferredCall::new(),
-            client: OptionalCell::empty(),
-            credentials: OptionalCell::empty(),
-            binary: OptionalCell::empty(),
-        }
+        Self {}
     }
 }
 
-impl<'a> DeferredCallClient for AppCheckerSimulated<'a> {
-    fn handle_deferred_call(&self) {
-        self.client.map(|c| {
-            c.check_done(
-                Ok(CheckResult::Pass),
-                self.credentials.take().unwrap(),
-                self.binary.take().unwrap(),
-            )
-        });
-    }
-
-    fn register(&'static self) {
-        self.deferred_call.register(self);
-    }
-}
-
-impl<'a> AppCredentialsPolicy<'a> for AppCheckerSimulated<'a> {
+impl<'a> AppCredentialsPolicy<'a> for AppCheckerNull {
     fn require_credentials(&self) -> bool {
         false
     }
@@ -68,19 +39,10 @@ impl<'a> AppCredentialsPolicy<'a> for AppCheckerSimulated<'a> {
         credentials: TbfFooterV2Credentials,
         binary: &'a [u8],
     ) -> Result<(), (ErrorCode, TbfFooterV2Credentials, &'a [u8])> {
-        if self.credentials.is_none() {
-            self.credentials.replace(credentials);
-            self.binary.replace(binary);
-            self.deferred_call.set();
-            Ok(())
-        } else {
-            Err((ErrorCode::BUSY, credentials, binary))
-        }
+        Err((ErrorCode::NOSUPPORT, credentials, binary))
     }
 
-    fn set_client(&self, client: &'a dyn AppCredentialsPolicyClient<'a>) {
-        self.client.replace(client);
-    }
+    fn set_client(&self, _client: &'a dyn AppCredentialsPolicyClient<'a>) {}
 }
 
 pub struct AppIdAssignerSimulated {}