Managed ACL: Add AccessRestrictionList support (#34932)
* Add AccessRestrictionList support
* Update src/access/AccessConfig.h
  Co-authored-by: C Freeman <cecille@google.com>
* Reworked data manipulators and other cleanup
* Fixed encode/decode so reading CommissioningARL and Arl attributes work
* Reworked ARL storage
  Previously ARL related data was persisted in KVS. This has been removed and now the responsibility for managing/maintaining the related data (CommissioningARL and ARL attributes) is up to the app to set on AccessRestrictionProvider class.
* Review fixes cleanup ArlEncoder interface. return error to client if arl review request fails return token to client in FabricRestrictionReviewUpdate
* Fixed GetEntries vector pointer arg
* Updated core restriction logic/integration
* Restyled by clang-format
* fixed include check for renamed AccessRestrictionProvider.h file
* M-ACL updates
  - refactored AccessControl::Check into CheckACL and CheckARL
  - added placeholders for the upcoming CHIP_ERROR_ACCESS_RESTRICTED_BY_ARL
  - extracted ARL exception processing to standalone class for better testing
* Add plumbing for subject descriptor IsCommissioning field
  - Make session manager update that state on a message-per-message basis
  - Add tests
  Missing test: MRP test against a not-yet-committed fabric over CASE showing that IsCommissioning is true.
* Fix crash
* Use new IsCommissioning in ARL check
* Updates for review comments
* restyled
* Review updates
  - fixed return type for some command failures
  - enhanced unit tests
* restyled
* Updated ARL tests per review comments
* work around nuttx and jsoncpp contention
* Review comments and nuttx build failure fix attempt
* review updates

---------

Co-authored-by: C Freeman <cecille@google.com>
Co-authored-by: Restyled.io <commits@restyled.io>
Co-authored-by: tennessee.carmelveilleux@gmail.com <tennessee.carmelveilleux@gmail.com>
1 parent 32c961f, commit 87f6277
Showing 40 changed files with 2,349 additions and 63 deletions.
55 changes: 55 additions & 0 deletions
examples/platform/linux/ExampleAccessRestrictionProvider.h
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
/* | ||
* | ||
* Copyright (c) 2024 Project CHIP Authors | ||
* All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
/* | ||
* AccessRestriction implementation for Linux examples. | ||
*/ | ||
|
||
#pragma once | ||
|
||
#include <access/AccessRestrictionProvider.h> | ||
#include <app-common/zap-generated/cluster-objects.h> | ||
#include <app/EventLogging.h> | ||
|
||
namespace chip { | ||
namespace Access { | ||
|
||
class ExampleAccessRestrictionProvider : public AccessRestrictionProvider | ||
{ | ||
public: | ||
ExampleAccessRestrictionProvider() : AccessRestrictionProvider() {} | ||
|
||
~ExampleAccessRestrictionProvider() {} | ||
|
||
protected: | ||
CHIP_ERROR DoRequestFabricRestrictionReview(const FabricIndex fabricIndex, uint64_t token, const std::vector<Entry> & arl) | ||
{ | ||
// this example simply removes all restrictions and will generate AccessRestrictionEntryChanged events | ||
Access::GetAccessControl().GetAccessRestrictionProvider()->SetEntries(fabricIndex, std::vector<Entry>{}); | ||
|
||
chip::app::Clusters::AccessControl::Events::FabricRestrictionReviewUpdate::Type event{ .token = token, | ||
.fabricIndex = fabricIndex }; | ||
EventNumber eventNumber; | ||
ReturnErrorOnFailure(chip::app::LogEvent(event, kRootEndpointId, eventNumber)); | ||
|
||
return CHIP_NO_ERROR; | ||
} | ||
}; | ||
|
||
} // namespace Access | ||
} // namespace chip |
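Review bot: In DoRequestFabricRestrictionReview, the entries are cleared through Access::GetAccessControl().GetAccessRestrictionProvider()->SetEntries(...) rather than on this object, so the returned pointer is dereferenced without a null check and the call may reach a different provider instance than the one handling the request. Since the class derives from AccessRestrictionProvider, calling SetEntries(fabricIndex, std::vector<Entry>{}) directly would avoid both. The result of SetEntries is also discarded, so if it can fail, the FabricRestrictionReviewUpdate event is still logged as though the review succeeded; if it returns CHIP_ERROR, wrap it in ReturnErrorOnFailure like the LogEvent call below it. The arl parameter is never read and every review request removes all restrictions for the fabric, which deserves a more prominent comment on the class stating that this behaviour is for the example only. If the base class declares this method virtual, marking it override would let the compiler catch a signature mismatch.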