From 930a516198b12c78b5f8b0580c4bb135c52a87b2 Mon Sep 17 00:00:00 2001
From: Adeeb Shihadeh <adeebshihadeh@gmail.com>
Date: Wed, 5 Jan 2022 16:22:55 -0800
Subject: [PATCH 1/2] Toyota: add AEB message TX checks

---
 board/safety/safety_toyota.h |  9 +++++++++
 tests/safety/test_toyota.py  | 13 ++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/board/safety/safety_toyota.h b/board/safety/safety_toyota.h
index f3d5eff7ee..bc585696b9 100644
--- a/board/safety/safety_toyota.h
+++ b/board/safety/safety_toyota.h
@@ -172,6 +172,15 @@ static int toyota_tx_hook(CANPacket_t *to_send) {
       }
     }
 
+    // AEB: block all actuation. only used when DSU is unplugged
+    if (addr == 0x283) {
+      // only allow the checksum, which is the last byte
+      bool block = (GET_BYTES_04(to_send) != 0) || (GET_BYTE(to_send, 4) != 0) || (GET_BYTE(to_send, 5) != 0);
+      if (block) {
+        tx = 0;
+      }
+    }
+
     // LTA steering check
     // only sent to prevent dash errors, no actuation is accepted
     if (addr == 0x191) {
diff --git a/tests/safety/test_toyota.py b/tests/safety/test_toyota.py
index 11c0a5fb63..ab9cb22896 100755
--- a/tests/safety/test_toyota.py
+++ b/tests/safety/test_toyota.py
@@ -74,12 +74,23 @@ def _pcm_status_msg(self, enable):
   # Toyota gas gains are the same
   def _interceptor_msg(self, gas, addr):
     to_send = make_msg(0, addr, 6)
-    to_send[0].data[0] = (gas & 0xFF00) >> 8 
+    to_send[0].data[0] = (gas & 0xFF00) >> 8
     to_send[0].data[1] = gas & 0xFF
     to_send[0].data[2] = (gas & 0xFF00) >> 8
     to_send[0].data[3] = gas & 0xFF
     return to_send
 
+  def test_block_aeb(self):
+    for controls_allowed in (True, False):
+      for bad in (True, False):
+        for _ in range(10):
+          self.safety.set_controls_allowed(controls_allowed)
+          dat = [random.randint(1, 255) for _ in range(7)]
+          if not bad:
+            dat = [0]*6 + dat[-1:]
+          msg = common.package_can_msg([0x283, 0, bytes(dat),  0])
+          self.assertEqual(not bad, self._tx(msg))
+
   def test_accel_actuation_limits(self):
     limits = ((MIN_ACCEL, MAX_ACCEL, UNSAFE_MODE.DEFAULT),
               (MIN_ACCEL, MAX_ACCEL, UNSAFE_MODE.RAISE_LONGITUDINAL_LIMITS_TO_ISO_MAX))

From 9221cd700a778834b29e2be94dbaaf80fc05dbd2 Mon Sep 17 00:00:00 2001
From: Adeeb Shihadeh <adeebshihadeh@gmail.com>
Date: Wed, 5 Jan 2022 16:29:25 -0800
Subject: [PATCH 2/2] misra

---
 board/safety/safety_toyota.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/board/safety/safety_toyota.h b/board/safety/safety_toyota.h
index bc585696b9..648d10d768 100644
--- a/board/safety/safety_toyota.h
+++ b/board/safety/safety_toyota.h
@@ -175,7 +175,7 @@ static int toyota_tx_hook(CANPacket_t *to_send) {
     // AEB: block all actuation. only used when DSU is unplugged
     if (addr == 0x283) {
       // only allow the checksum, which is the last byte
-      bool block = (GET_BYTES_04(to_send) != 0) || (GET_BYTE(to_send, 4) != 0) || (GET_BYTE(to_send, 5) != 0);
+      bool block = (GET_BYTES_04(to_send) != 0U) || (GET_BYTE(to_send, 4) != 0U) || (GET_BYTE(to_send, 5) != 0U);
       if (block) {
         tx = 0;
       }