From 188e5d752f8a1e6faf9401dcea0d7e134fce563e Mon Sep 17 00:00:00 2001
From: Brendan Jackman <brendan.jackman@arm.com>
Date: Wed, 4 Oct 2017 13:24:44 +0100
Subject: [PATCH 1/3] framework/execution: Whitespace

---
 wa/framework/execution.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/wa/framework/execution.py b/wa/framework/execution.py
index d012fa3f..590f55bd 100644
--- a/wa/framework/execution.py
+++ b/wa/framework/execution.py
@@ -332,7 +332,7 @@ class Executor(object):
 
 class Runner(object):
     """
-    
+
     """
 
     def __init__(self, context, pm):
@@ -419,7 +419,7 @@ class Runner(object):
 
         with signal.wrap('JOB_SETUP', self):
             job.setup(context)
-        
+
         try:
             with signal.wrap('JOB_EXECUTION', self):
                 job.run(context)
@@ -473,7 +473,7 @@ class Runner(object):
         retry_job.retries = job.retries + 1
         retry_job.set_status(Status.PENDING)
         self.context.job_queue.insert(0, retry_job)
-        
+
     def send(self, s):
         signal.send(s, self, self.context)
 

From 06b451d31b0c00e3a640c65bdbe5c8387a017e22 Mon Sep 17 00:00:00 2001
From: Brendan Jackman <brendan.jackman@arm.com>
Date: Wed, 4 Oct 2017 13:25:06 +0100
Subject: [PATCH 2/3] framework: Add feature to mark workloads unsafe for
 confidential devices

Some workloads, such as Geekbench, may phone home and report data about the
device they are running on. This poses a risk for users that are testing on
unreleased or otherwise confidential devices - perhaps they use a standard
agenda to run a large battery of tests, in which case they may forget to disable
these dangerous workloads.

This provides a mechanism to prevent those workloads from running by
setting allow_phone_home=False in the user configuration.
---
 wa/framework/configuration/core.py | 13 +++++++++++++
 wa/framework/execution.py          |  7 +++++++
 wa/framework/workload.py           | 11 +++++++++++
 3 files changed, 31 insertions(+)

diff --git a/wa/framework/configuration/core.py b/wa/framework/configuration/core.py
index b5ae7e83..8db5d553 100644
--- a/wa/framework/configuration/core.py
+++ b/wa/framework/configuration/core.py
@@ -783,6 +783,19 @@ class RunConfiguration(Configuration):
             export the output to an exeternal location.
             ''',
         ),
+        ConfigurationPoint(
+            'allow_phone_home',
+            kind=bool, default=True,
+            description='''
+            Setting this to ``False`` prevents running any workloads that are marked
+            with 'phones_home', meaning they are at risk of exposing information
+            about the device to the outside world. For example, some benchmark
+            applications upload device data to a database owned by the
+            maintainers.
+
+            This can be used to minimise the risk of accidentally running such
+            workloads when testing confidential devices.
+            '''),
     ]
     configuration = {cp.name: cp for cp in config_points + meta_data}
 
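Review bot: `default=True` on the new `allow_phone_home` point makes the protection opt-in, so a user who forgets to set it gets no check at all, which is the same kind of forgetfulness the commit message gives as the motivation. If flipping the default would break existing agendas, the description should at least say so, for example by adding `By default (``True``) such workloads are run without any check.` The description should also state that only workloads explicitly marked `phones_home` are covered, so setting this to ``False`` reduces the risk but does not guarantee that nothing on the device contacts the network.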
diff --git a/wa/framework/execution.py b/wa/framework/execution.py
index 590f55bd..d665389c 100644
--- a/wa/framework/execution.py
+++ b/wa/framework/execution.py
@@ -411,6 +411,13 @@ class Runner(object):
             self.check_job(job)
 
     def do_run_job(self, job, context):
+        rc = self.context.cm.run_config
+        if job.workload.phones_home and not rc.allow_phone_home:
+            self.logger.warning('Skipping job {} ({}) due to allow_phone_home=False'
+                                .format(job.id, job.workload.name))
+            job.set_status(Status.SKIPPED)
+            return
+
         job.set_status(Status.RUNNING)
         self.send(signal.JOB_STARTED)
 
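Review bot: The new guard in `do_run_job` reads the configuration through `self.context` even though the method receives `context` as a parameter; if the two can ever differ, the check consults the wrong run configuration, so `rc = context.cm.run_config` would be the consistent form. The early `return` also happens before `signal.JOB_STARTED` is sent, so listeners on job signals will presumably never see a skipped job; confirm that is intended and that the SKIPPED status still reaches the run output. The check lives only here, so any workload initialisation or APK installation done earlier in the run (not visible in this hunk) is not gated, which matters if installing or launching the app can already cause network traffic. The body of `do_run_job` continues outside the hunk.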
diff --git a/wa/framework/workload.py b/wa/framework/workload.py
index baaba343..7638b376 100644
--- a/wa/framework/workload.py
+++ b/wa/framework/workload.py
@@ -39,6 +39,17 @@ class Workload(TargetedPlugin):
 
     kind = 'workload'
 
+    phones_home = False
+    """
+    Set this to True to mark that this workload poses a risk of exposing
+    information to the outside world about the device it runs on. An example of
+    this would be a benchmark application that sends scores and device data to a
+    database owned by the maintainer.
+
+    The user can then set allow_phone_home=False in their configuration to
+    prevent this workload from being run accidentally.
+    """
+
     def init_resources(self, context):
         """
         This method may be used to perform early resource discovery and
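Review bot: The class-level default `phones_home = False` means every workload nobody has reviewed is treated as safe, so the guard is only as good as the annotation coverage. The attribute text should say this explicitly, for example `False means "not known to phone home", not "verified to stay offline"`, so that users of confidential devices do not read `allow_phone_home=False` as a guarantee. The bare string after the assignment is an expression statement rather than a docstring at runtime; a `#` comment block above `phones_home` would be the more conventional form unless the project's doc tooling relies on attribute docstrings.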

From 73d45b69a5b3873f76f963cdb94628fbb286cde1 Mon Sep 17 00:00:00 2001
From: Brendan Jackman <brendan.jackman@arm.com>
Date: Wed, 4 Oct 2017 13:27:05 +0100
Subject: [PATCH 3/3] geekbench: Mark as a workload that may phone home

---
 wa/workloads/geekbench/__init__.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wa/workloads/geekbench/__init__.py b/wa/workloads/geekbench/__init__.py
index ddddcec7..186bf4ca 100644
--- a/wa/workloads/geekbench/__init__.py
+++ b/wa/workloads/geekbench/__init__.py
@@ -98,6 +98,8 @@ class Geekbench(ApkUiautoWorkload):
 
     is_corporate = False
 
+    phones_home = True
+
     @property
     def activity(self):
         return self.versions[self.version]['activity']
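Review bot: The new `phones_home = True` on `Geekbench` carries no explanation, and the reason is only recorded in the previous commit's message. A short comment such as `# Geekbench may report scores and device data to its vendor` above the attribute would let someone auditing workloads for confidential-device use see why it is flagged. Patch 3/3 marks only this workload, so it is worth confirming whether other bundled benchmark workloads need the same flag.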