Update attestation policy so that check attestation flag can be set o…

…nly once

Signed-off-by: Prakash Narayana Moorthy <[email protected]>

ledgers/ccf/transaction_processor/pdo_tp.cpp

@@ -63,6 +63,15 @@ namespace ccfapp
             // get the current view of contract_enclave_check_attestation_flag
             auto check_attestation_flag_view = ctx.tx.rw(contract_enclave_check_attestation_flag);
 
+            // Current PDO policy permits the flag to be set only once. Check if already set.
+
+            // Below we check the ccf node has a local copy of the attestation flag. If yes, an error
+            // is returned. (Note that global commit of the flag might be pending, and this is OK).
+            auto check_attestation_flag_check = check_attestation_flag_view->get(PDO_ENCLAVE_CHECK_ATTESTATION_FLAG);
+            if (check_attestation_flag_check.has_value()){
+                return ccf::make_success("Attesation check flag can be set only once");
+            }
+
             // collect the data to be stored
             ContractEnclaveAttestionCheckFlag check_attestation_flag;
             check_attestation_flag.check_attestation = in.check_attestation;