LCOV - code coverage report
Current view: top level - app - FailSafeContext.h (source / functions) Hit Total Coverage
Test: lcov_final.info Lines: 11 11 100.0 %
Date: 2024-02-15 08:20:41 Functions: 4 4 100.0 % 

          Line data    Source code
       1             : /*
       2             :  *
       3             :  *    Copyright (c) 2022 Project CHIP Authors
       4             :  *
       5             :  *    Licensed under the Apache License, Version 2.0 (the "License");
       6             :  *    you may not use this file except in compliance with the License.
       7             :  *    You may obtain a copy of the License at
       8             :  *
       9             :  *        http://www.apache.org/licenses/LICENSE-2.0
      10             :  *
      11             :  *    Unless required by applicable law or agreed to in writing, software
      12             :  *    distributed under the License is distributed on an "AS IS" BASIS,
      13             :  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      14             :  *    See the License for the specific language governing permissions and
      15             :  *    limitations under the License.
      16             :  */
      17             : 
      18             : /**
      19             :  *    @file
      20             :  *          A 'Fail Safe Context' SHALL be created on the receiver, to track fail-safe
      21             :  *          state information while the fail-safe is armed.
      22             :  */
      23             : 
      24             : #pragma once
      25             : 
      26             : #include <lib/core/CHIPError.h>
      27             : #include <lib/core/DataModelTypes.h>
      28             : #include <platform/internal/CHIPDeviceLayerInternal.h>
      29             : #include <system/SystemClock.h>
      30             : 
      31             : namespace chip {
      32             : namespace app {
      33             : 
      34             : class FailSafeContext
      35             : {
      36             : public:
      37             :     // ===== Members for internal use by other Device Layer components.
      38             : 
      39             :     /**
      40             :      * @brief
      41             :      *  Only a single fail-safe timer is started on the device, if this function is called again
      42             :      *  when the fail-safe timer is currently armed, the currently-running fail-safe timer will
      43             :      *  first be cancelled, then the fail-safe timer will be re-armed.
      44             :      */
      45             :     CHIP_ERROR ArmFailSafe(FabricIndex accessingFabricIndex, System::Clock::Seconds16 expiryLengthSeconds);
      46             : 
      47             :     /**
      48             :      * @brief Cleanly disarm failsafe timer, such as on CommissioningComplete
      49             :      */
      50             :     void DisarmFailSafe();
      51             :     void SetAddNocCommandInvoked(FabricIndex nocFabricIndex)
      52             :     {
      53             :         mAddNocCommandHasBeenInvoked = true;
      54             :         mFabricIndex                 = nocFabricIndex;
      55             :     }
      56             :     void SetUpdateNocCommandInvoked() { mUpdateNocCommandHasBeenInvoked = true; }
      57             :     void SetAddTrustedRootCertInvoked() { mAddTrustedRootCertHasBeenInvoked = true; }
      58             :     void SetCsrRequestForUpdateNoc(bool isForUpdateNoc) { mIsCsrRequestForUpdateNoc = isForUpdateNoc; }
      59             : 
      60             :     /**
      61             :      * @brief
      62             :      *   Schedules a work to cleanup the FailSafe Context asynchronously after various cleanup work
      63             :      *   has completed.
      64             :      */
      65             :     void ScheduleFailSafeCleanup(FabricIndex fabricIndex, bool addNocCommandInvoked, bool updateNocCommandInvoked);
      66             : 
      67             :     bool IsFailSafeArmed(FabricIndex accessingFabricIndex) const
      68             :     {
      69             :         return IsFailSafeArmed() && MatchesFabricIndex(accessingFabricIndex);
      70             :     }
      71             : 
      72             :     // Returns true if the fail-safe is in a state where commands that require an armed
      73             :     // fail-safe can no longer execute, but a new fail-safe can't be armed yet.
      74           8 :     bool IsFailSafeBusy() const { return mFailSafeBusy; }
      75             : 
      76           6 :     bool IsFailSafeArmed() const { return mFailSafeArmed; }
      77             : 
      78             :     // True if it is possible to do an initial arming of the failsafe if needed.
      79             :     // To be used in places where some action should take place only if the
      80             :     // fail-safe could be armed after that action.
      81           6 :     bool IsFailSafeFullyDisarmed() const { return !IsFailSafeArmed() && !IsFailSafeBusy(); }
      82             : 
      83             :     bool MatchesFabricIndex(FabricIndex accessingFabricIndex) const
      84             :     {
      85             :         VerifyOrDie(IsFailSafeArmed());
      86             :         return (accessingFabricIndex == mFabricIndex);
      87             :     }
      88             : 
      89             :     bool NocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked || mUpdateNocCommandHasBeenInvoked; }
      90             :     bool AddNocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked; }
      91             :     bool UpdateNocCommandHasBeenInvoked() const { return mUpdateNocCommandHasBeenInvoked; }
      92             :     bool AddTrustedRootCertHasBeenInvoked() const { return mAddTrustedRootCertHasBeenInvoked; }
      93             :     bool IsCsrRequestForUpdateNoc() const { return mIsCsrRequestForUpdateNoc; }
      94             : 
      95             :     FabricIndex GetFabricIndex() const
      96             :     {
      97             :         VerifyOrDie(IsFailSafeArmed());
      98             :         return mFabricIndex;
      99             :     }
     100             : 
     101             :     // Immediately disarms the timer and schedules a failsafe timer expiry.
     102             :     // If the failsafe is not armed, this is a no-op.
     103             :     void ForceFailSafeTimerExpiry();
     104             : 
     105             : private:
     106             :     bool mFailSafeArmed                    = false;
     107             :     bool mFailSafeBusy                     = false;
     108             :     bool mAddNocCommandHasBeenInvoked      = false;
     109             :     bool mUpdateNocCommandHasBeenInvoked   = false;
     110             :     bool mAddTrustedRootCertHasBeenInvoked = false;
     111             :     // The fact of whether a CSR occurred at all is stored elsewhere.
     112             :     bool mIsCsrRequestForUpdateNoc = false;
     113             :     FabricIndex mFabricIndex       = kUndefinedFabricIndex;
     114             : 
     115             :     /**
     116             :      * @brief
     117             :      *  The callback function to be called when "fail-safe timer" expires.
     118             :      */
     119             :     static void HandleArmFailSafeTimer(System::Layer * layer, void * aAppState);
     120             : 
     121             :     /**
     122             :      * @brief
     123             :      *  The callback function to be called when max cumulative time expires.
     124             :      */
     125             :     static void HandleMaxCumulativeFailSafeTimer(System::Layer * layer, void * aAppState);
     126             : 
     127             :     /**
     128             :      * @brief
     129             :      *  The callback function to be called asynchronously after various cleanup work has completed
     130             :      *  to actually disarm the fail-safe.
     131             :      */
     132             :     static void HandleDisarmFailSafe(intptr_t arg);
     133             : 
     134             :     void SetFailSafeArmed(bool armed);
     135             : 
     136             :     /**
     137             :      * @brief Reset to unarmed basic state
     138             :      */
     139           2 :     void ResetState()
     140             :     {
     141           2 :         SetFailSafeArmed(false);
     142             : 
     143           2 :         mAddNocCommandHasBeenInvoked      = false;
     144           2 :         mUpdateNocCommandHasBeenInvoked   = false;
     145           2 :         mAddTrustedRootCertHasBeenInvoked = false;
     146           2 :         mFailSafeBusy                     = false;
     147           2 :         mIsCsrRequestForUpdateNoc         = false;
     148           2 :     }
     149             : 
     150             :     void FailSafeTimerExpired();
     151             :     CHIP_ERROR CommitToStorage();
     152             : };
     153             : 
     154             : } // namespace app
     155             : } // namespace chip

Generated by: LCOV version 1.14