diff options
author | Craig Hesling <hesling@chromium.org> | 2019-10-18 08:52:12 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-11-18 20:03:11 +0000 |
commit | 7353ca106319d64962b7a6ccf2c9e88e701e2368 (patch) | |
tree | 6eff8f4452ba2f510404cc1cb32c8bdbcd2ddfe6 | |
parent | ade2bda733d09458f923e37c67a8b0bc304d906b (diff) | |
download | chrome-ec-7353ca106319d64962b7a6ccf2c9e88e701e2368.tar.gz |
fpsensor: Make fpcapture and fpenroll restricted
There should be no functional difference to fpcapture or fpenroll,
since the restricted console command feature is implemented in a
similar manor.
The only noticeable difference is that the list of commands provided
by the "help" command should denote when these commands are restricted.
Note, each board requires a configuration, similar
to crrev.com/c/1867388, in order to activate restricted
console commands. Otherwise, this restricted flag has no
restricting effect.
BRANCH=nocturne
BRANCH=hatch
BUG=b:142559996, b:142505927
TEST=# Test on nocturne_fp
make BOARD=nocturne_fp
scp build/nocturne_fp/ec.bin dut1:~/
ssh dut1 flash_fp_mcu ./ec.bin
# From FPMCU UART console
version
# Ensure that version is custom based on workstation
help
# Ensure that fpcapture and fpenroll are not prefixed
# with "-"
help list
# Ensure that a "Flags" column exists and that
# fpcapture and fpenroll both have a 1 in the column.
fpcapture
fpenroll
# Ensure that both commands above succeed in their
# own operations
syslock
fpcapture
fpenroll
# Ensure that both commands above fail with "Access Denied"
help
# Ensure that fpcapture and fpenroll are now prefixed
# with "-" in the help message
Change-Id: Icbb74a1afece66db9ebd071de0770650d42bd553
Signed-off-by: Craig Hesling <hesling@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1869400
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
-rw-r--r-- | common/fpsensor/fpsensor.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/common/fpsensor/fpsensor.c b/common/fpsensor/fpsensor.c index aa7a3e6dbb..8aa9a1d09e 100644 --- a/common/fpsensor/fpsensor.c +++ b/common/fpsensor/fpsensor.c @@ -725,6 +725,10 @@ int command_fpcapture(int argc, char **argv) uint32_t mode; enum ec_error_list rc; + /* + * TODO(b/142944002): Remove this redundant check for system_is_locked + * once we have unit-tests/integration-tests in place. + */ if (system_is_locked()) return EC_ERROR_ACCESS_DENIED; @@ -744,8 +748,9 @@ int command_fpcapture(int argc, char **argv) return rc; } -DECLARE_CONSOLE_COMMAND(fpcapture, command_fpcapture, NULL, - "Capture fingerprint in PGM format"); +DECLARE_CONSOLE_COMMAND_FLAGS(fpcapture, command_fpcapture, NULL, + "Capture fingerprint in PGM format", + CMD_FLAG_RESTRICTED); int command_fpenroll(int argc, char **argv) { @@ -755,6 +760,10 @@ int command_fpenroll(int argc, char **argv) static const char * const enroll_str[] = {"OK", "Low Quality", "Immobile", "Low Coverage"}; + /* + * TODO(b/142944002): Remove this redundant check for system_is_locked + * once we have unit-tests/integration-tests in place. + */ if (system_is_locked()) return EC_ERROR_ACCESS_DENIED; @@ -780,8 +789,9 @@ int command_fpenroll(int argc, char **argv) return rc; } -DECLARE_CONSOLE_COMMAND(fpenroll, command_fpenroll, NULL, - "Enroll a new fingerprint"); +DECLARE_CONSOLE_COMMAND_FLAGS(fpenroll, command_fpenroll, NULL, + "Enroll a new fingerprint", + CMD_FLAG_RESTRICTED); int command_fpmatch(int argc, char **argv) |