RDKB-62350 : Implement SentryAtTheEdge and TCPTrackerFilterDevices RFC DML parameters (#37)

**Reason for change:** Implement SentryAtTheEdge (SATE) and
TCPTrackerFilterDevices RFC DML
parameters to control `dos_protection`, `ip_reputation` and
`tcptracker_filter_devices` breakers

**RFC DML parameters implemented:**
```
Device.DeviceInfo.X_RDKCENTRAL-COM_RFC.Feature.AdvSecSentryAtTheEdge.Enable
Device.DeviceInfo.X_RDKCENTRAL-COM_RFC.Feature.AdvSecTCPTrackerFilterDevices.Enable
```

For SATE listen Only,
    AdvSecSentryAtTheEdge RFC needs to be enabled
For SATE full mode,
Both AdvSecSentryAtTheEdge and TCPTrackerFilterDevices RFCs needs to be
enabled

**Test Procedure:**

1. Sentry at the Edge listen only needs to be tested
2. For every DOS / IP reputation / model profile threat generated in
client, 2 threats are recorded
in CUJO admin portal one being ignored (sentry at the edge) and another
being blocked (sentry at the cloud)

**Risks:** Low
**Priority:** P1

**Signed-off-by:** Santhosh_GujulvaJagadeesh@comcast.com

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: SanthoshGujulvajagadeesh

config/TR181-AdvSecurity.xml

@@ -394,6 +394,38 @@
                   </parameter>
                 </parameters>
             </object>
+            <object>
+              <name>AdvSecSentryAtTheEdge</name>
+              <objectType>object</objectType>
+                <functions>
+                  <func_GetParamBoolValue>AdvSecSentryAtTheEdge_RFC_GetParamBoolValue</func_GetParamBoolValue>
+                  <func_SetParamBoolValue>AdvSecSentryAtTheEdge_RFC_SetParamBoolValue</func_SetParamBoolValue>
+                </functions>
+                <parameters>
+                  <parameter>
+                    <name>Enable</name>
+                    <type>boolean</type>
+                    <syntax>bool</syntax>
+                    <writable>true</writable>
+                  </parameter>
+                </parameters>
+            </object>
+            <object>
+              <name>AdvSecTCPTrackerFilterDevices</name>
+              <objectType>object</objectType>
+                <functions>
+                  <func_GetParamBoolValue>AdvSecTCPTrackerFilterDevices_RFC_GetParamBoolValue</func_GetParamBoolValue>
+                  <func_SetParamBoolValue>AdvSecTCPTrackerFilterDevices_RFC_SetParamBoolValue</func_SetParamBoolValue>
+                </functions>
+                <parameters>
+                  <parameter>
+                    <name>Enable</name>
+                    <type>boolean</type>
+                    <syntax>bool</syntax>
+                    <writable>true</writable>
+                  </parameter>
+                </parameters>
+            </object>
             <object>
               <name>WifiDataCollection</name>
               <objectType>object</objectType>

scripts/advsec.sh

@@ -85,6 +85,8 @@ export ADVSEC_RAPTR_ENABLED_PATH=/tmp/advsec_raptr_enabled
 export ADVSEC_USERSPACE_ENABLED_PATH=/tmp/advsec_userspace_enabled
 export ADVSEC_CUJOTRACER_ENABLED_PATH=/tmp/advsec_cujotracer_enabled
 export ADVSEC_CUJOTELEMETRY_ENABLED_PATH=/tmp/advsec_cujotelemetry_enabled
+export ADVSEC_SATE_ENABLED_PATH=/tmp/advsec_sate_enabled
+export ADVSEC_TCPTRACKER_FILTER_DEVICES_ENABLED_PATH=/tmp/advsec_tcptracker_filter_devices_enabled
 export ADVSEC_WIFIDATACOLLECTION_ENABLED_PATH=/tmp/advsec_wifidatacollection_enabled
 export ADVSEC_LEVL_ENABLED_PATH=/tmp/advsec_levl_enabled
 export ADVSEC_AGENT_ENABLED_PATH=/tmp/advsec_agent_enabled
@@ -111,6 +113,8 @@ export ADVSEC_RAPTR_RFC_ENABLED=`syscfg get Adv_RaptrRFCEnable`
 export ADVSEC_USERSPACE_RFC_ENABLED=`syscfg get Adv_AdvSecUserSpaceRFCEnable`
 export ADVSEC_CUJOTRACER_RFC_ENABLED=`syscfg get Adv_AdvSecCujoTracerRFCEnable`
 export ADVSEC_CUJOTELEMETRY_RFC_ENABLED=`syscfg get Adv_AdvSecCujoTelemetryRFCEnable`
+export ADVSEC_SATE_RFC_ENABLED=`syscfg get Adv_SATERFCEnable`
+export ADVSEC_TCPTRACKER_FILTER_DEVICES_RFC_ENABLED=`syscfg get Adv_TCPTrackerFilterDevicesRFCEnable`
 export ADVSEC_WIFIDATACOLLECTION_RFC_ENABLED=`syscfg get Adv_WifiDataCollectionRFCEnable`
 export ADVSEC_LEVL_RFC_ENABLED=`syscfg get Adv_LevlRFCEnable`
 export ADVSEC_AGENT_RFC_ENABLED=`syscfg get Adv_AdvSecAgentRFCEnable`
@@ -156,6 +160,10 @@ export ADV_CUJOTRACER_RFC_ENABLE_LOG=ADVANCE_SECURITY_CUJOTRACER_ENABLED
 export ADV_CUJOTRACER_RFC_DISABLE_LOG=ADVANCE_SECURITY_CUJOTRACER_DISABLED
 export ADV_CUJOTELEMETRY_RFC_ENABLE_LOG=ADVANCE_SECURITY_CUJOTELEMETRY_ENABLED
 export ADV_CUJOTELEMETRY_RFC_DISABLE_LOG=ADVANCE_SECURITY_CUJOTELEMETRY_DISABLED
+export ADV_SATE_RFC_ENABLE_LOG=ADVANCE_SECURITY_SENTRY_AT_THE_EDGE_ENABLED
+export ADV_SATE_RFC_DISABLE_LOG=ADVANCE_SECURITY_SENTRY_AT_THE_EDGE_DISABLED
+export ADV_TCPTRACKER_FILTER_DEVICES_RFC_ENABLE_LOG=ADVANCE_SECURITY_TCPTRACKER_FILTER_DEVICES_ENABLED
+export ADV_TCPTRACKER_FILTER_DEVICES_RFC_DISABLE_LOG=ADVANCE_SECURITY_TCPTRACKER_FILTER_DEVICES_DISABLED
 
 export ADVSEC_SAFEBRO_SETTING="${RW_DIR}/safebro.json"
 

scripts/advsec_log_fp_status.sh

@@ -124,6 +124,18 @@ check_status()
         print_telemetry_log ${ADV_CUJOTELEMETRY_RFC_DISABLE_LOG} ${ADVSEC_AGENT_LOG_PATH}
     fi
 
+    if [ -e ${ADVSEC_SATE_ENABLED_PATH} ]; then
+        print_telemetry_log ${ADV_SATE_RFC_ENABLE_LOG} ${ADVSEC_AGENT_LOG_PATH}
+    else
+        print_telemetry_log ${ADV_SATE_RFC_DISABLE_LOG} ${ADVSEC_AGENT_LOG_PATH}
+    fi
+
+    if [ -e ${ADVSEC_TCPTRACKER_FILTER_DEVICES_ENABLED_PATH} ]; then
+        print_telemetry_log ${ADV_TCPTRACKER_FILTER_DEVICES_RFC_ENABLE_LOG} ${ADVSEC_AGENT_LOG_PATH}
+    else
+        print_telemetry_log ${ADV_TCPTRACKER_FILTER_DEVICES_RFC_DISABLE_LOG} ${ADVSEC_AGENT_LOG_PATH}
+    fi
+
     if [ -e ${ADVSEC_WIFIDATACOLLECTION_ENABLED_PATH} ]; then
         print_telemetry_log ${ADV_WIFIDATACOLLECTION_RFC_ENABLE_LOG} ${ADVSEC_AGENT_LOG_PATH}
     else

scripts/start_adv_security.sh

@@ -264,6 +264,14 @@ then
         rm $ADVSEC_CUJOTELEMETRY_ENABLED_PATH
     fi
 
+    if [ -f $ADVSEC_SATE_ENABLED_PATH ]; then
+        rm $ADVSEC_SATE_ENABLED_PATH
+    fi
+
+    if [ -f $ADVSEC_TCPTRACKER_FILTER_DEVICES_ENABLED_PATH ]; then
+        rm $ADVSEC_TCPTRACKER_FILTER_DEVICES_ENABLED_PATH
+    fi
+
     if [ -f $ADVSEC_WIFIDATACOLLECTION_ENABLED_PATH ]; then
         rm $ADVSEC_WIFIDATACOLLECTION_ENABLED_PATH
     fi
@@ -608,6 +616,46 @@ disable_cujotelemetry()
    fi
 }
 
+enable_sate()
+{
+   touch $ADVSEC_SATE_ENABLED_PATH
+   echo_t ${ADV_SATE_RFC_ENABLE_LOG} >> ${ADVSEC_AGENT_LOG_PATH}
+
+    if [ "$1" = "RR" ]; then
+       advsec_restart_agent "AgentSentryAtTheEdge_RFC_Enabled"
+   fi
+}
+
+disable_sate()
+{
+   rm -f $ADVSEC_SATE_ENABLED_PATH
+   echo_t ${ADV_SATE_RFC_DISABLE_LOG} >> ${ADVSEC_AGENT_LOG_PATH}
+
+    if [ "$1" = "RR" ]; then
+       advsec_restart_agent "AgentSentryAtTheEdge_RFC_Disabled"
+   fi
+}
+
+enable_tcptracker_filter_devices()
+{
+   touch $ADVSEC_TCPTRACKER_FILTER_DEVICES_ENABLED_PATH
+   echo_t ${ADV_TCPTRACKER_FILTER_DEVICES_RFC_ENABLE_LOG} >> ${ADVSEC_AGENT_LOG_PATH}
+
+    if [ "$1" = "RR" ]; then
+       advsec_restart_agent "AgentTCPTrackerFilterDevices_RFC_Enabled"
+   fi
+}
+
+disable_tcptracker_filter_devices()
+{
+   rm -f $ADVSEC_TCPTRACKER_FILTER_DEVICES_ENABLED_PATH
+   echo_t ${ADV_TCPTRACKER_FILTER_DEVICES_RFC_DISABLE_LOG} >> ${ADVSEC_AGENT_LOG_PATH}
+
+    if [ "$1" = "RR" ]; then
+       advsec_restart_agent "AgentTCPTrackerFilterDevices_RFC_Disabled"
+   fi
+}
+
 enable_wifidatacollection()
 {
     if [ -f $ADVSEC_WIFIDCL_INIT_PATH ]; then
@@ -913,6 +961,22 @@ if [ "$1" = "-disableCTD" ]; then
     disable_cujotelemetry "RR"
 fi
 
+if [ "$1" = "-enableSATE" ]; then
+    enable_sate "RR"
+fi
+
+if [ "$1" = "-disableSATE" ]; then
+    disable_sate "RR"
+fi
+
+if [ "$1" = "-enableTCPTrackerFilterDevices" ]; then
+    enable_tcptracker_filter_devices "RR"
+fi
+
+if [ "$1" = "-disableTCPTrackerFilterDevices" ]; then
+    disable_tcptracker_filter_devices "RR"
+fi
+
 if [ "$1" = "-enableWSDiscovery" ]; then
    enable_wsdiscovery "FR"
 fi