summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVadim Bendebury <vbendeb@chromium.org>2018-01-10 11:31:53 -0800
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>2018-02-01 00:48:18 +0000
commita51551f4da4aeb4c7daf780c522afe3294697592 (patch)
treeca48285303de4c41f85f7a770d0700055ee10bbd
parentbdd8e5bbf7eec7bb6356e7bd30e07432251c02e6 (diff)
downloadchrome-ec-a51551f4da4aeb4c7daf780c522afe3294697592.tar.gz
ccd: do not allow 'unlock' from console unless password is set
CCD management policies explicitly prohibit running the 'unlock' command from the Cr50 CLI unless CCD password is set. This patch enforces the policy. BRANCH=cr50 BUG=b:62537474 TEST=ran the following commands on the Cr50 console: > ccd State: Locked Password: none ... > ccd unlock Cann't unlock without password Access Denied Usage: ccd [help | ...] > Change-Id: I5a14a54049a233e86e097064ff235e9b7a8bbb86 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/861000 Reviewed-by: Randall Spangler <rspangler@chromium.org> (cherry picked from commit 35c8f62480ec47dac9825e1fc0fdf6a59b47df8f) Reviewed-on: https://chromium-review.googlesource.com/896782
Diffstat
-rw-r--r--common/ccd_config.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/common/ccd_config.c b/common/ccd_config.c
index 185b29278a..12885926dd 100644
--- a/common/ccd_config.c
+++ b/common/ccd_config.c
@@ -1182,8 +1182,13 @@ static int command_ccd_body(int argc, char **argv)
/* Commands to set state */
if (!strcasecmp(argv[1], "lock"))
return ccd_command_wrapper(0, NULL, CCDV_LOCK);
- if (!strcasecmp(argv[1], "unlock"))
+ if (!strcasecmp(argv[1], "unlock")) {
+ if (!raw_has_password()) {
+ ccprintf("Unlock only allowed after password is set\n");
+ return EC_ERROR_ACCESS_DENIED;
+ }
return ccd_command_wrapper(argc - 1, argv[2], CCDV_UNLOCK);
+ }
if (!strcasecmp(argv[1], "open"))
return ccd_command_wrapper(argc - 1, argv[2], CCDV_OPEN);
View Lorry Controller Status