diff options
author | Bill Richardson <wfrichar@chromium.org> | 2016-08-25 14:25:33 -0700 |
---|---|---|
committer | Bill Richardson <wfrichar@chromium.org> | 2016-08-31 17:12:58 +0000 |
commit | 70341959e677328dc5d62a94a7df4e79523e5e24 (patch) | |
tree | 9bbc9d631a74ec28dff1e05f7cf759884121d561 /common/console.c | |
parent | 6d805476ba032b33e440330469a873e6a444fddb (diff) | |
download | chrome-ec-70341959e677328dc5d62a94a7df4e79523e5e24.tar.gz |
Add console support for restricted commands
This adds support for CONFIG_RESTRICTED_CONSOLE_COMMANDS. If the
appropriate options are configured, restricted commands can be
prevented from running.
Nothing in this CL actually uses that, but it works if you turn
it on.
BUG=chrome-os-partner:55322
BRANCH=none
TEST=make buildall, test on Cr50 hardware
I also tested it manually. If you add this to board.h:
#define CONFIG_CONSOLE_COMMAND_FLAGS
#define CONFIG_RESTRICTED_CONSOLE_COMMANDS
#define CONFIG_CONSOLE_COMMAND_FLAGS_DEFAULT CMD_FLAG_RESTRICTED
and this to board.c:
static int restricted_state;
int console_is_restricted(void)
{
return restricted_state;
}
static int command_lock(int argc, char **argv)
{
int enabled;
if (argc > 1) {
if (!parse_bool(argv[1], &enabled))
return EC_ERROR_PARAM1;
restricted_state = enabled;
}
ccprintf("The restricted console lock is %s\n",
restricted_state ? "enabled" : "disabled");
return EC_SUCCESS;
}
DECLARE_CONSOLE_COMMAND_FLAGS(lock, command_lock,
"[<BOOLEAN>]",
"Get/Set the restricted console lock",
0); /* no restrictions */
then you can use the "lock" command to enable and disable every
other console command except for it and "help".
Change-Id: Ic9517f9ea7a9867f15e5d14b302246070163d558
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/376186
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'common/console.c')
-rw-r--r-- | common/console.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/common/console.c b/common/console.c index 3b5524b996..785f71ce56 100644 --- a/common/console.c +++ b/common/console.c @@ -240,6 +240,11 @@ command_has_error: return EC_ERROR_UNKNOWN; } +#ifdef CONFIG_RESTRICTED_CONSOLE_COMMANDS + if (console_is_restricted() && cmd->flags & CMD_FLAG_RESTRICTED) + rv = EC_ERROR_ACCESS_DENIED; + else +#endif rv = cmd->handler(argc, argv); if (rv == EC_SUCCESS) return rv; @@ -720,12 +725,18 @@ static int command_help(int argc, char **argv) ccputs("Known commands:\n"); for (i = 0; i < rows; i++) { - ccputs(" "); + ccputs(" "); for (j = 0; j < cols; j++) { int index = j * rows + i; if (index >= ncmds) break; - ccprintf("%-15s", __cmds[index].name); +#ifdef CONFIG_RESTRICTED_CONSOLE_COMMANDS + if (console_is_restricted() && + __cmds[index].flags & CMD_FLAG_RESTRICTED) + ccprintf("-%-14s", __cmds[index].name); + else +#endif + ccprintf(" %-14s", __cmds[index].name); } ccputs("\n"); cflush(); @@ -738,9 +749,9 @@ static int command_help(int argc, char **argv) return EC_SUCCESS; } -DECLARE_CONSOLE_COMMAND(help, command_help, - "[ list | <name> ]", - "Print command help"); +DECLARE_SAFE_CONSOLE_COMMAND(help, command_help, + "[ list | <name> ]", + "Print command help"); #ifdef CONFIG_CONSOLE_HISTORY static int command_history(int argc, char **argv) |