From d9c17f8494700cb3ae079181d417e3e123d215f8 Mon Sep 17 00:00:00 2001
From: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Date: Mon, 28 Oct 2019 13:48:29 +0530
Subject: prov-mode-mgr: Log events for restriction mode

Support added to log events for restriction mode change (system
interface), which can be viewed using Redfish event log entries.
This log will indicate the status of the system interface command
execution allowed state after BIOS POST.

Tested:
Tested the same with up-stream message entry review
https://gerrit.openbmc-project.xyz/#/c/openbmc/bmcweb/+/26601/
1. Redfish validator - passed for this new addition
2. Log will be as below
{
    "@data.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
    "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/184",
    "@odata.type": "#LogEntry.v1_4_0.LogEntry",
    "Created": "1970-01-01T00:03:04+00:00",
    "EntryType": "Event",
    "Id": "184",
    "Message": "System interface in unprovisioned state.",
    "MessageArgs": [],
    "MessageId": "OpenBMC.0.1.SystemInterfaceUnprovisioned",
    "Name": "System Event Log Entry",
    "Severity": "Critical"
},
{
    "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
    "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/198",
    "@odata.type": "#LogEntry.v1_4_0.LogEntry",
    "Created": "1970-01-01T00:03:18+00:00",
    "EntryType": "Event",
    "Id": "198",
    "Message": "System interface in whitelist provisioned state.",
    "MessageArgs": [],
    "MessageId": "OpenBMC.0.1.SystemInterfaceWhitelistProvisioned",
    "Name": "System Event Log Entry",
    "Severity": "Warning"
},
{
    "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
    "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/204",
    "@odata.type": "#LogEntry.v1_4_0.LogEntry",
    "Created": "1970-01-01T00:03:24+00:00",
    "EntryType": "Event",
    "Id": "204",
    "Message": "System interface in disabled provisioned state.",
    "MessageArgs": [],
    "MessageId": "OpenBMC.0.1.SystemInterfaceDisabledProvisioned",
    "Name": "System Event Log Entry",
    "Severity": "OK"
}

Change-Id: Ief9547d37bff07704caebf76e87fe8dba05e2db6
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
---
 prov-mode-mgr/include/prov-mode-mgr.hpp |  2 ++
 prov-mode-mgr/src/prov-mode-mgr.cpp     | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/prov-mode-mgr/include/prov-mode-mgr.hpp b/prov-mode-mgr/include/prov-mode-mgr.hpp
index 6ca7424..9824a07 100644
--- a/prov-mode-mgr/include/prov-mode-mgr.hpp
+++ b/prov-mode-mgr/include/prov-mode-mgr.hpp
@@ -55,6 +55,8 @@ class ProvModeMgr
     void updateProvModeProperty(
         sdbusplus::xyz::openbmc_project::Control::Security::server::
             RestrictionMode::Modes mode);
+    void logEvent(sdbusplus::xyz::openbmc_project::Control::Security::server::
+                      RestrictionMode::Modes mode);
 
   public:
     ProvModeMgr(boost::asio::io_service& io,
diff --git a/prov-mode-mgr/src/prov-mode-mgr.cpp b/prov-mode-mgr/src/prov-mode-mgr.cpp
index 33d084a..a7ca4e3 100644
--- a/prov-mode-mgr/src/prov-mode-mgr.cpp
+++ b/prov-mode-mgr/src/prov-mode-mgr.cpp
@@ -74,11 +74,40 @@ void ProvModeMgr::updateProvModeProperty(
         std::to_string(static_cast<uint8_t>(mode)));
 }
 
+void ProvModeMgr::logEvent(sdbusplus::xyz::openbmc_project::Control::Security::
+                               server::RestrictionMode::Modes mode)
+{
+    namespace secCtrl =
+        sdbusplus::xyz::openbmc_project::Control::Security::server;
+
+    if (mode == secCtrl::RestrictionMode::Modes::Provisioning)
+    {
+        sd_journal_send("MESSAGE=%s", "RestrictionMode - Provisioning state",
+                        "PRIORITY=%i", LOG_INFO, "REDFISH_MESSAGE_ID=%s",
+                        "OpenBMC.0.1.SystemInterfaceUnprovisioned", NULL);
+    }
+    else if (mode == secCtrl::RestrictionMode::Modes::ProvisionedHostWhitelist)
+    {
+        sd_journal_send("MESSAGE=%s", "RestrictionMode - Whitelist state",
+                        "PRIORITY=%i", LOG_INFO, "REDFISH_MESSAGE_ID=%s",
+                        "OpenBMC.0.1.SystemInterfaceWhitelistProvisioned",
+                        NULL);
+    }
+    else if (mode == secCtrl::RestrictionMode::Modes::ProvisionedHostDisabled)
+    {
+        sd_journal_send("MESSAGE=%s", "RestrictionMode - Disabled state",
+                        "PRIORITY=%i", LOG_INFO, "REDFISH_MESSAGE_ID=%s",
+                        "OpenBMC.0.1.SystemInterfaceDisabledProvisioned", NULL);
+    }
+    // Other modes N/A for now, ignore the same.
+}
+
 void ProvModeMgr::init()
 {
     namespace secCtrl =
         sdbusplus::xyz::openbmc_project::Control::Security::server;
     iface = server.add_interface(provModePath, provModeIntf);
+    logEvent(provMode);
     iface->register_property(
         "RestrictionMode",
         sdbusplus::xyz::openbmc_project::Control::Security::server::
@@ -92,6 +121,7 @@ void ProvModeMgr::init()
                     secCtrl::RestrictionMode::Modes mode =
                         secCtrl::RestrictionMode::convertModesFromString(req);
                     provMode = mode;
+                    logEvent(mode);
                     updateProvModeProperty(mode);
                     return 1;
                 }
-- 
cgit v1.2.3