Fix: special mode mgr to monitor RestrictionMode property

special mode mgr should rollback the state once RestrictionMode property is updated to value other than provisioning. Tested: Verified setting the restriction mode property to a value other than provisioning. Special mode value is set to manufacturing expired. Change-Id: I32f810196e25fe2e3955eb16939caa2fb8611f86 Signed-off-by: Ayushi Smriti <smriti.ayushi@intel.com>
author: Ayushi Smriti <smriti.ayushi@intel.com> 2019-07-04 18:38:10 +0300
committer: Ayushi Smriti <smriti.ayushi@intel.com> 2019-07-10 16:49:35 +0300
commit: cf90fb9c42f4925c78f25f51cf5a981b8781aa27 (patch)
tree: 6b10afc6a0566cb954d410d1121ef48a25433da3 /special-mode-mgr
parent: d8fc85b7394dc597cbaa7bda13a2594d1a8a929f (diff)
download: provingground-cf90fb9c42f4925c78f25f51cf5a981b8781aa27.tar.xz
2 files changed, 48 insertions, 6 deletions
diff --git a/special-mode-mgr/include/specialmodemgr.hpp b/special-mode-mgr/include/specialmodemgr.hpp
index 4db822b..25dc113 100644
--- a/special-mode-mgr/include/specialmodemgr.hpp
+++ b/special-mode-mgr/include/specialmodemgr.hpp
@@ -19,6 +19,8 @@
 #include <boost/asio/deadline_timer.hpp>
 #include <sdbusplus/asio/object_server.hpp>
 
+static constexpr const char* strSpecialMode = "SpecialMode";
+
 enum SpecialMode : uint8_t
 {
     None = 0,
@@ -37,6 +39,10 @@ class SpecialModeMgr
     void AddSpecialModeProperty();
 
   public:
+    uint8_t SetSpecialModeValue(uint8_t value) const
+    {
+        return iface->set_property(strSpecialMode, value);
+    }
     SpecialModeMgr(boost::asio::io_service& io,
                    sdbusplus::asio::object_server& srv,
                    std::shared_ptr<sdbusplus::asio::connection>& conn);
diff --git a/special-mode-mgr/src/specialmodemgr.cpp b/special-mode-mgr/src/specialmodemgr.cpp
index f66c175..4df1d1e 100644
--- a/special-mode-mgr/src/specialmodemgr.cpp
+++ b/special-mode-mgr/src/specialmodemgr.cpp
@@ -28,6 +28,10 @@ static constexpr const char* specialModeIntf =
     "xyz.openbmc_project.Security.SpecialMode";
 static constexpr const char* specialModePath =
     "/xyz/openbmc_project/security/specialMode";
+static constexpr const char* provisioningMode =
+    "xyz.openbmc_project.Control.Security.RestrictionMode.Modes.Provisioning";
+
+static constexpr const char* restrictionModeProperty = "RestrictionMode";
 
 using VariantValue =
     std::variant<bool, uint8_t, int16_t, uint16_t, int32_t, uint32_t, int64_t,
@@ -65,9 +69,7 @@ SpecialModeMgr::SpecialModeMgr(
                     AddSpecialModeProperty();
                     return;
                 }
-                if (std::get<std::string>(mode) !=
-                    "xyz.openbmc_project.Control.Security."
-                    "RestrictionMode.Modes.Provisioning")
+                if (std::get<std::string>(mode) != provisioningMode)
                 {
                     AddSpecialModeProperty();
                     return;
@@ -110,7 +112,7 @@ SpecialModeMgr::SpecialModeMgr(
                         return;
                     }
                     iface->set_property(
-                        "SpecialMode",
+                        strSpecialMode,
                         static_cast<uint8_t>(ManufacturingExpired));
                 });
             },
@@ -118,7 +120,7 @@ SpecialModeMgr::SpecialModeMgr(
             "/xyz/openbmc_project/control/security/restriction_mode",
             "org.freedesktop.DBus.Properties", "Get",
             "xyz.openbmc_project.Control.Security.RestrictionMode",
-            "RestrictionMode");
+            restrictionModeProperty);
     }
     else
     {
@@ -131,7 +133,7 @@ void SpecialModeMgr::AddSpecialModeProperty()
     // Add path to server object
     iface = server.add_interface(specialModePath, specialModeIntf);
     iface->register_property(
-        "SpecialMode", specialMode,
+        strSpecialMode, specialMode,
         // Ignore set
         [this](const uint8_t& req, uint8_t& propertyValue) {
             if (req == ManufacturingExpired && specialMode != req)
@@ -156,5 +158,39 @@ int main()
 
     SpecialModeMgr specilModeMgr(io, server, conn);
 
+    static auto match = sdbusplus::bus::match::match(
+        static_cast<sdbusplus::bus::bus&>(*conn),
+        "type='signal',member='PropertiesChanged', "
+        "interface='org.freedesktop.DBus.Properties', "
+        "arg0namespace='xyz.openbmc_project.Control.Security.RestrictionMode'",
+        [&specilModeMgr](sdbusplus::message::message& message) {
+            std::string intfName;
+            std::map<std::string, std::variant<std::string>> properties;
+
+            message.read(intfName,
+                         properties); // skipping reading of 3rd argument
+
+            std::variant<std::string> mode;
+
+            try
+            {
+                mode = properties.at(restrictionModeProperty);
+            }
+            catch (const std::out_of_range& e)
+            {
+                phosphor::logging::log<phosphor::logging::level::ERR>(
+                    "Error in finding RestrictionMode property");
+
+                throw std::out_of_range("Out of range");
+            }
+            if (std::get<std::string>(mode) != provisioningMode)
+            {
+                phosphor::logging::log<phosphor::logging::level::INFO>(
+                    "Mode is not provisioning ");
+
+                specilModeMgr.SetSpecialModeValue(ManufacturingExpired);
+            }
+        });
+
     io.run();
 }
author	Ayushi Smriti <smriti.ayushi@intel.com>	2019-07-04 18:38:10 +0300
committer	Ayushi Smriti <smriti.ayushi@intel.com>	2019-07-10 16:49:35 +0300
commit	cf90fb9c42f4925c78f25f51cf5a981b8781aa27 (patch)
tree	6b10afc6a0566cb954d410d1121ef48a25433da3 /special-mode-mgr
parent	d8fc85b7394dc597cbaa7bda13a2594d1a8a929f (diff)
download	provingground-cf90fb9c42f4925c78f25f51cf5a981b8781aa27.tar.xz