From e2c71fd6c6cffde3fdbc79ac8a5b18c3da4bd164 Mon Sep 17 00:00:00 2001
From: Brad Campbell <bradjc5@gmail.com>
Date: Mon, 13 May 2024 23:26:56 -0400
Subject: [PATCH] appid: add null checker

---
 boards/components/src/appid/checker.rs       |  3 +-
 boards/components/src/appid/checker_null.rs  | 36 ++++++++++++++
 boards/components/src/appid/mod.rs           |  1 +
 capsules/system/src/process_checker/basic.rs | 52 +++-----------------
 4 files changed, 45 insertions(+), 47 deletions(-)
 create mode 100644 boards/components/src/appid/checker_null.rs

diff --git a/boards/components/src/appid/checker.rs b/boards/components/src/appid/checker.rs
index 6f0780d622..1c57686695 100644
--- a/boards/components/src/appid/checker.rs
+++ b/boards/components/src/appid/checker.rs
@@ -14,8 +14,7 @@ macro_rules! process_checker_machine_component_static {
     };};
 }
 
-pub type ProcessCheckerMachineComponentType =
-    capsules_system::process_checker::basic::AppCheckerSha256;
+pub type ProcessCheckerMachineComponentType = kernel::process::ProcessCheckerMachine;
 
 pub struct ProcessCheckerMachineComponent {
     policy: &'static dyn kernel::process_checker::AppCredentialsPolicy<'static>,
diff --git a/boards/components/src/appid/checker_null.rs b/boards/components/src/appid/checker_null.rs
new file mode 100644
index 0000000000..fd55835db2
--- /dev/null
+++ b/boards/components/src/appid/checker_null.rs
@@ -0,0 +1,36 @@
+// Licensed under the Apache License, Version 2.0 or the MIT License.
+// SPDX-License-Identifier: Apache-2.0 OR MIT
+// Copyright Tock Contributors 2024.
+
+//! Component for creating a NULL process checking machine that approves all
+//! processes.
+
+use core::mem::MaybeUninit;
+use kernel::component::Component;
+
+#[macro_export]
+macro_rules! app_checker_null_component_static {
+    () => {{
+        kernel::static_buf!(capsules_system::process_checker::basic::AppCheckerNull);
+    };};
+}
+
+pub type AppCheckerNullComponentType = capsules_system::process_checker::basic::AppCheckerNull;
+
+pub struct AppCheckerNullComponent {}
+
+impl AppCheckerNullComponent {
+    pub fn new() -> Self {
+        Self {}
+    }
+}
+
+impl Component for AppCheckerNullComponent {
+    type StaticInput =
+        &'static mut MaybeUninit<capsules_system::process_checker::basic::AppCheckerNull>;
+    type Output = &'static capsules_system::process_checker::basic::AppCheckerNull;
+
+    fn finalize(self, s: Self::StaticInput) -> Self::Output {
+        s.write(capsules_system::process_checker::basic::AppCheckerNull::new())
+    }
+}
diff --git a/boards/components/src/appid/mod.rs b/boards/components/src/appid/mod.rs
index 9169d3292c..f6d1f685d9 100644
--- a/boards/components/src/appid/mod.rs
+++ b/boards/components/src/appid/mod.rs
@@ -4,4 +4,5 @@
 
 pub mod assigner_name;
 pub mod checker;
+pub mod checker_null;
 pub mod checker_sha;
diff --git a/capsules/system/src/process_checker/basic.rs b/capsules/system/src/process_checker/basic.rs
index 3453fc0330..dcca7458c2 100644
--- a/capsules/system/src/process_checker/basic.rs
+++ b/capsules/system/src/process_checker/basic.rs
@@ -20,45 +20,16 @@ use kernel::ErrorCode;
 use tock_tbf::types::TbfFooterV2Credentials;
 use tock_tbf::types::TbfFooterV2CredentialsType;
 
-/// A sample Credentials Checking Policy that loads and runs Userspace
-/// Binaries with unique process names; if it encounters a Userspace
-/// Binary with the same process name as an existing one it fails the
-/// uniqueness check and is not run.
-pub struct AppCheckerSimulated<'a> {
-    deferred_call: DeferredCall,
-    client: OptionalCell<&'a dyn AppCredentialsPolicyClient<'a>>,
-    credentials: OptionalCell<TbfFooterV2Credentials>,
-    binary: OptionalCell<&'a [u8]>,
-}
+/// A sample Credentials Checking Policy that approves all apps.
+pub struct AppCheckerNull {}
 
-impl<'a> AppCheckerSimulated<'a> {
+impl<'a> AppCheckerNull {
     pub fn new() -> Self {
-        Self {
-            deferred_call: DeferredCall::new(),
-            client: OptionalCell::empty(),
-            credentials: OptionalCell::empty(),
-            binary: OptionalCell::empty(),
-        }
+        Self {}
     }
 }
 
-impl<'a> DeferredCallClient for AppCheckerSimulated<'a> {
-    fn handle_deferred_call(&self) {
-        self.client.map(|c| {
-            c.check_done(
-                Ok(CheckResult::Pass),
-                self.credentials.take().unwrap(),
-                self.binary.take().unwrap(),
-            )
-        });
-    }
-
-    fn register(&'static self) {
-        self.deferred_call.register(self);
-    }
-}
-
-impl<'a> AppCredentialsPolicy<'a> for AppCheckerSimulated<'a> {
+impl<'a> AppCredentialsPolicy<'a> for AppCheckerNull {
     fn require_credentials(&self) -> bool {
         false
     }
@@ -68,19 +39,10 @@ impl<'a> AppCredentialsPolicy<'a> for AppCheckerSimulated<'a> {
         credentials: TbfFooterV2Credentials,
         binary: &'a [u8],
     ) -> Result<(), (ErrorCode, TbfFooterV2Credentials, &'a [u8])> {
-        if self.credentials.is_none() {
-            self.credentials.replace(credentials);
-            self.binary.replace(binary);
-            self.deferred_call.set();
-            Ok(())
-        } else {
-            Err((ErrorCode::BUSY, credentials, binary))
-        }
+        Err((ErrorCode::NOSUPPORT, credentials, binary))
     }
 
-    fn set_client(&self, client: &'a dyn AppCredentialsPolicyClient<'a>) {
-        self.client.replace(client);
-    }
+    fn set_client(&self, _client: &'a dyn AppCredentialsPolicyClient<'a>) {}
 }
 
 pub struct AppIdAssignerSimulated {}