kernel: process: add get_credential()

YoeDistro · Jun 12, 2024 · d5f490c · d5f490c
1 parent 3625751
commit d5f490c
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/kernel/src/process.rs b/kernel/src/process.rs
@@ -20,6 +20,7 @@ use crate::storage_permissions;
 use crate::syscall::{self, Syscall, SyscallReturn};
 use crate::upcall::UpcallId;
 use tock_tbf::types::CommandPermissions;
+use tock_tbf::types::TbfFooterV2Credentials;
 
 // Export all process related types via `kernel::process::`.
 pub use crate::process_binary::ProcessBinary;
@@ -314,6 +315,11 @@ pub trait Process {
     /// in a TBF Program Header; if the binary has no version assigned, return [None]
     fn binary_version(&self) -> Option<BinaryVersion>;
 
+    /// Return the credential which the credential checker approved if the
+    /// credential checker approved a credential. If the process was allowed to
+    /// run without credentials, return `None`.
+    fn get_credential(&self) -> Option<TbfFooterV2Credentials>;
+
     /// Returns how many times this process has been restarted.
     fn get_restart_count(&self) -> usize;
 

diff --git a/kernel/src/process_standard.rs b/kernel/src/process_standard.rs
@@ -36,6 +36,7 @@ use crate::upcall::UpcallId;
 use crate::utilities::cells::{MapCell, NumericCellExt, OptionalCell};
 
 use tock_tbf::types::CommandPermissions;
+use tock_tbf::types::TbfFooterV2Credentials;
 
 /// State for helping with debugging apps.
 ///
@@ -185,6 +186,10 @@ pub struct ProcessStandard<'a, C: 'static + Chip> {
     /// Collection of pointers to the TBF header in flash.
     header: tock_tbf::types::TbfHeader,
 
+    /// Credential that was approved for this process, or `None` if the
+    /// credential was permitted to run without an accepted credential.
+    credential: Option<TbfFooterV2Credentials>,
+
     /// State saved on behalf of the process each time the app switches to the
     /// kernel.
     stored_state:
@@ -256,6 +261,10 @@ impl<C: Chip> Process for ProcessStandard<'_, C> {
         }
     }
 
+    fn get_credential(&self) -> Option<TbfFooterV2Credentials> {
+        self.credential
+    }
+
     fn enqueue_task(&self, task: Task) -> Result<(), ErrorCode> {
         // If this app is in a `Fault` state then we shouldn't schedule
         // any work for it.
@@ -1636,6 +1645,7 @@ impl<C: 'static + Chip> ProcessStandard<'_, C> {
         process.app_break = Cell::new(initial_app_brk);
         process.grant_pointers = MapCell::new(grant_pointers);
 
+        process.credential = pb.credential.get();
         process.footers = pb.footers;
         process.flash = pb.flash;