From d5f490cb1b2cc1c4084d42b173551a15ded93884 Mon Sep 17 00:00:00 2001
From: Brad Campbell
Date: Wed, 12 Jun 2024 13:36:42 -0400
Subject: [PATCH] kernel: process: add get_credential()
---
 kernel/src/process.rs | 6 ++++++
 kernel/src/process_standard.rs | 10 ++++++++++
 2 files changed, 16 insertions(+)
diff --git a/kernel/src/process.rs b/kernel/src/process.rs
index 9bb1fbecae..cf583b63df 100644
--- a/kernel/src/process.rs
+++ b/kernel/src/process.rs
@@ -20,6 +20,7 @@ use crate::storage_permissions;
 use crate::syscall::{self, Syscall, SyscallReturn};
 use crate::upcall::UpcallId;
 use tock_tbf::types::CommandPermissions;
+use tock_tbf::types::TbfFooterV2Credentials;
 // Export all process related types via `kernel::process::`.
 pub use crate::process_binary::ProcessBinary;
@@ -314,6 +315,11 @@ pub trait Process {
 /// in a TBF Program Header; if the binary has no version assigned, return [None]
 fn binary_version(&self) -> Option;
+ /// Return the credential which the credential checker approved if the
+ /// credential checker approved a credential. If the process was allowed to
+ /// run without credentials, return `None`.
+ fn get_credential(&self) -> Option;
+
 /// Returns how many times this process has been restarted.
 fn get_restart_count(&self) -> usize;
diff --git a/kernel/src/process_standard.rs b/kernel/src/process_standard.rs
index 6aa52d770f..4d95077cf2 100644
--- a/kernel/src/process_standard.rs
+++ b/kernel/src/process_standard.rs
@@ -36,6 +36,7 @@ use crate::upcall::UpcallId;
 use crate::utilities::cells::{MapCell, NumericCellExt, OptionalCell};
 use tock_tbf::types::CommandPermissions;
+use tock_tbf::types::TbfFooterV2Credentials;
 /// State for helping with debugging apps.
 ///
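Review bot: The doc comment added for `get_credential()` in `trait Process` leaves `None` ambiguous for callers that base a trust decision on it: it names only the "allowed to run without credentials" case, and nothing in the hunk says whether a process that never went through the checker also reports `None`. I would add a line such as `/// A return value of None means no credential was accepted, not that verification succeeded.` and say whether the returned value is a copy of the footer data. The method is added without a default body, so any other `Process` implementor not touched by this patch would need updating; the trait body continues outside the hunk.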
@@ -185,6 +186,10 @@ pub struct ProcessStandard<'a, C: 'static + Chip> {
 /// Collection of pointers to the TBF header in flash.
 header: tock_tbf::types::TbfHeader,
+ /// Credential that was approved for this process, or `None` if the
+ /// credential was permitted to run without an accepted credential.
+ credential: Option,
+
 /// State saved on behalf of the process each time the app switches to the
 /// kernel.
 stored_state:
@@ -256,6 +261,10 @@ impl Process for ProcessStandard<'_, C> {
 }
 }
+ fn get_credential(&self) -> Option {
+ self.credential
+ }
+
 fn enqueue_task(&self, task: Task) -> Result<(), ErrorCode> {
 // If this app is in a `Fault` state then we shouldn't schedule
 // any work for it.
@@ -1636,6 +1645,7 @@ impl ProcessStandard<'_, C> {
 process.app_break = Cell::new(initial_app_brk);
 process.grant_pointers = MapCell::new(grant_pointers);
+ process.credential = pb.credential.get();
 process.footers = pb.footers;
 process.flash = pb.flash;
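Review bot: The comment on the new `credential` field of `ProcessStandard` says the value is `None` "if the credential was permitted to run without an accepted credential", which names the credential where the process is meant. The second comment line should read `/// process was permitted to run without an accepted credential.` so that it agrees with the wording on the trait method. The struct definition continues outside the hunk.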
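Review bot: `process.credential = pb.credential.get();` in the last hunk copies whatever the process binary holds when the process is created, and nothing visible here shows that `pb.credential` is populated only after the checker has accepted it. Because `get_credential()` is documented as returning the approved credential, that dependency deserves a comment at the assignment, for example `// pb.credential is set only once the credential checker has accepted the binary (confirm against the checker path).` The enclosing function starts and ends outside the hunk.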