diff --git a/src/app/BUILD.gn b/src/app/BUILD.gn index 7ef2fd303ac445..0a3a865a678e7d 100644 --- a/src/app/BUILD.gn +++ b/src/app/BUILD.gn @@ -80,6 +80,8 @@ static_library("app") { "DeviceProxy.h", "EventManagement.cpp", "EventPathParams.h", + "FailSafeContext.cpp", + "FailSafeContext.h", "GlobalAttributes.h", "InteractionModelEngine.cpp", "InteractionModelRevision.h", diff --git a/src/app/server/BUILD.gn b/src/app/server/BUILD.gn index 2e0bb81ca26639..d77162909ee5e6 100644 --- a/src/app/server/BUILD.gn +++ b/src/app/server/BUILD.gn @@ -38,8 +38,6 @@ static_library("server") { "Dnssd.h", "EchoHandler.cpp", "EchoHandler.h", - "FailSafeContext.cpp", - "FailSafeContext.h", "OnboardingCodesUtil.cpp", "OnboardingCodesUtil.h", "Server.cpp", diff --git a/src/app/server/FailSafeContext.cpp b/src/app/server/FailSafeContext.cpp deleted file mode 100644 index bf69ff360ee886..00000000000000 --- a/src/app/server/FailSafeContext.cpp +++ /dev/null @@ -1,139 +0,0 @@ -/* - * - * Copyright (c) 2022 Project CHIP Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file - * Provides the implementation of the FailSafeContext object. - */ - -#include -#include - -#include "FailSafeContext.h" - -using namespace chip::DeviceLayer; - -namespace chip { -namespace app { - -void FailSafeContext::HandleArmFailSafeTimer(System::Layer * layer, void * aAppState) -{ - FailSafeContext * failSafeContext = reinterpret_cast(aAppState); - failSafeContext->FailSafeTimerExpired(); -} - -void FailSafeContext::HandleMaxCumulativeFailSafeTimer(System::Layer * layer, void * aAppState) -{ - FailSafeContext * failSafeContext = reinterpret_cast(aAppState); - failSafeContext->FailSafeTimerExpired(); -} - -void FailSafeContext::HandleDisarmFailSafe(intptr_t arg) -{ - FailSafeContext * failSafeContext = reinterpret_cast(arg); - failSafeContext->DisarmFailSafe(); -} - -void FailSafeContext::FailSafeTimerExpired() -{ - if (!IsFailSafeArmed()) - { - // In case this was a pending timer event in event loop, and we had - // done CommissioningComplete or manual disarm. - return; - } - - ChipLogProgress(FailSafe, "Fail-safe timer expired"); - ScheduleFailSafeCleanup(mFabricIndex, mAddNocCommandHasBeenInvoked, mUpdateNocCommandHasBeenInvoked); -} - -void FailSafeContext::ScheduleFailSafeCleanup(FabricIndex fabricIndex, bool addNocCommandInvoked, bool updateNocCommandInvoked) -{ - // Not armed, but busy so cannot rearm (via General Commissioning cluster) until the flushing - // via `HandleDisarmFailSafe` path is complete. - // TODO: This is hacky and we need to remove all this event pushing business, to keep all fail-safe logic-only. - mFailSafeBusy = true; - mFailSafeArmed = false; - - ChipDeviceEvent event; - event.Type = DeviceEventType::kFailSafeTimerExpired; - event.FailSafeTimerExpired.fabricIndex = fabricIndex; - event.FailSafeTimerExpired.addNocCommandHasBeenInvoked = addNocCommandInvoked; - event.FailSafeTimerExpired.updateNocCommandHasBeenInvoked = updateNocCommandInvoked; - CHIP_ERROR status = PlatformMgr().PostEvent(&event); - - if (status != CHIP_NO_ERROR) - { - ChipLogError(FailSafe, "Failed to post fail-safe timer expired: %" CHIP_ERROR_FORMAT, status.Format()); - } - - PlatformMgr().ScheduleWork(HandleDisarmFailSafe, reinterpret_cast(this)); -} - -CHIP_ERROR FailSafeContext::ArmFailSafe(FabricIndex accessingFabricIndex, uint16_t expiryLengthSeconds) -{ - CHIP_ERROR err = CHIP_NO_ERROR; - bool cancelTimersIfError = false; - if (!mFailSafeArmed) - { - System::Clock::Timeout maxCumulativeTimeout = System::Clock::Seconds32(CHIP_DEVICE_CONFIG_MAX_CUMULATIVE_FAILSAFE_SEC); - SuccessOrExit(err = DeviceLayer::SystemLayer().StartTimer(maxCumulativeTimeout, HandleMaxCumulativeFailSafeTimer, this)); - cancelTimersIfError = true; - } - - SuccessOrExit( - err = DeviceLayer::SystemLayer().StartTimer(System::Clock::Seconds16(expiryLengthSeconds), HandleArmFailSafeTimer, this)); - - mFailSafeArmed = true; - mFabricIndex = accessingFabricIndex; - -exit: - - if (err != CHIP_NO_ERROR && cancelTimersIfError) - { - DeviceLayer::SystemLayer().CancelTimer(HandleArmFailSafeTimer, this); - DeviceLayer::SystemLayer().CancelTimer(HandleMaxCumulativeFailSafeTimer, this); - } - return err; -} - -void FailSafeContext::DisarmFailSafe() -{ - DeviceLayer::SystemLayer().CancelTimer(HandleArmFailSafeTimer, this); - DeviceLayer::SystemLayer().CancelTimer(HandleMaxCumulativeFailSafeTimer, this); - - ResetState(); - - ChipLogProgress(FailSafe, "Fail-safe cleanly disarmed"); -} - -void FailSafeContext::ForceFailSafeTimerExpiry() -{ - if (!IsFailSafeArmed()) - { - return; - } - - // Cancel the timer since we force its action - DeviceLayer::SystemLayer().CancelTimer(HandleArmFailSafeTimer, this); - DeviceLayer::SystemLayer().CancelTimer(HandleMaxCumulativeFailSafeTimer, this); - - FailSafeTimerExpired(); -} - -} // namespace app -} // namespace chip diff --git a/src/app/server/FailSafeContext.h b/src/app/server/FailSafeContext.h deleted file mode 100644 index 4cbc3ba897bcff..00000000000000 --- a/src/app/server/FailSafeContext.h +++ /dev/null @@ -1,146 +0,0 @@ -/* - * - * Copyright (c) 2022 Project CHIP Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file - * A 'Fail Safe Context' SHALL be created on the receiver, to track fail-safe - * state information while the fail-safe is armed. - */ - -#pragma once - -#include -#include -#include - -namespace chip { -namespace app { - -class FailSafeContext -{ -public: - // ===== Members for internal use by other Device Layer components. - - /** - * @brief - * Only a single fail-safe timer is started on the device, if this function is called again - * when the fail-safe timer is currently armed, the currently-running fail-safe timer will - * first be cancelled, then the fail-safe timer will be re-armed. - */ - CHIP_ERROR ArmFailSafe(FabricIndex accessingFabricIndex, uint16_t expiryLengthSeconds); - - /** - * @brief Cleanly disarm failsafe timer, such as on CommissioningComplete - */ - void DisarmFailSafe(); - void SetAddNocCommandInvoked(FabricIndex nocFabricIndex) - { - mAddNocCommandHasBeenInvoked = true; - mFabricIndex = nocFabricIndex; - } - void SetUpdateNocCommandInvoked() { mUpdateNocCommandHasBeenInvoked = true; } - void SetAddTrustedRootCertInvoked() { mAddTrustedRootCertHasBeenInvoked = true; } - void SetCsrRequestForUpdateNoc(bool isForUpdateNoc) { mIsCsrRequestForUpdateNoc = isForUpdateNoc; } - - /** - * @brief - * Schedules a work to cleanup the FailSafe Context asynchronously after various cleanup work - * has completed. - */ - void ScheduleFailSafeCleanup(FabricIndex fabricIndex, bool addNocCommandInvoked, bool updateNocCommandInvoked); - - bool IsFailSafeArmed(FabricIndex accessingFabricIndex) const - { - return mFailSafeArmed && MatchesFabricIndex(accessingFabricIndex); - } - - // Returns true if the fail-safe is in a state where commands that require an armed - // fail-safe can no longer execute, but a new fail-safe can't be armed yet. - bool IsFailSafeBusy() const { return mFailSafeBusy; } - - bool IsFailSafeArmed() const { return mFailSafeArmed; } - - bool MatchesFabricIndex(FabricIndex accessingFabricIndex) const - { - VerifyOrDie(mFailSafeArmed); - return (accessingFabricIndex == mFabricIndex); - } - - bool NocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked || mUpdateNocCommandHasBeenInvoked; } - bool AddNocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked; } - bool UpdateNocCommandHasBeenInvoked() const { return mUpdateNocCommandHasBeenInvoked; } - bool AddTrustedRootCertHasBeenInvoked() const { return mAddTrustedRootCertHasBeenInvoked; } - bool IsCsrRequestForUpdateNoc() const { return mIsCsrRequestForUpdateNoc; } - - FabricIndex GetFabricIndex() const - { - VerifyOrDie(mFailSafeArmed); - return mFabricIndex; - } - - // Immediately disarms the timer and schedules a failsafe timer expiry. - // If the failsafe is not armed, this is a no-op. - void ForceFailSafeTimerExpiry(); - -private: - bool mFailSafeArmed = false; - bool mFailSafeBusy = false; - bool mAddNocCommandHasBeenInvoked = false; - bool mUpdateNocCommandHasBeenInvoked = false; - bool mAddTrustedRootCertHasBeenInvoked = false; - // The fact of whether a CSR occurred at all is stored elsewhere. - bool mIsCsrRequestForUpdateNoc = false; - FabricIndex mFabricIndex = kUndefinedFabricIndex; - - /** - * @brief - * The callback function to be called when "fail-safe timer" expires. - */ - static void HandleArmFailSafeTimer(System::Layer * layer, void * aAppState); - - /** - * @brief - * The callback function to be called when max cumulative time expires. - */ - static void HandleMaxCumulativeFailSafeTimer(System::Layer * layer, void * aAppState); - - /** - * @brief - * The callback function to be called asynchronously after various cleanup work has completed - * to actually disarm the fail-safe. - */ - static void HandleDisarmFailSafe(intptr_t arg); - - /** - * @brief Reset to unarmed basic state - */ - void ResetState() - { - mFailSafeArmed = false; - mAddNocCommandHasBeenInvoked = false; - mUpdateNocCommandHasBeenInvoked = false; - mAddTrustedRootCertHasBeenInvoked = false; - mFailSafeBusy = false; - mIsCsrRequestForUpdateNoc = false; - } - - void FailSafeTimerExpired(); - CHIP_ERROR CommitToStorage(); -}; - -} // namespace app -} // namespace chip diff --git a/src/app/server/Server.h b/src/app/server/Server.h index 96288dc0ba0453..13eac3aedd8a56 100644 --- a/src/app/server/Server.h +++ b/src/app/server/Server.h @@ -24,13 +24,13 @@ #include #include #include +#include #include #include #include #include #include #include -#include #include #include #include diff --git a/src/app/tests/TestFailSafeContext.cpp b/src/app/tests/TestFailSafeContext.cpp index 3632e369ba2501..85d6e096da0207 100644 --- a/src/app/tests/TestFailSafeContext.cpp +++ b/src/app/tests/TestFailSafeContext.cpp @@ -28,7 +28,7 @@ #include #include -#include +#include #include #include #include