Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add extension attribute to access control cluster #17008

Merged
merged 6 commits into from
Apr 5, 2022
Merged

Add extension attribute to access control cluster #17008

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ebddcdd
Add extension attribute to access control cluster
mlepage-google Apr 4, 2022
2cac609
Remove temp log
mlepage-google Apr 4, 2022
81a624e
Add extension event support
mlepage-google Apr 4, 2022
be46ad2
Relax VerifyOrDie
mlepage-google Apr 4, 2022
839c13c
Update src/app/clusters/access-control-server/access-control-server.cpp
mlepage-google Apr 4, 2022
72f9d8c
Change some error codes
mlepage-google Apr 4, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
117 changes: 80 additions & 37 deletions src/app/clusters/access-control-server/access-control-server.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,6 @@ namespace AccessControlCluster = chip::app::Clusters::AccessControl;
// TODO(#13590): generated code doesn't automatically handle max length so do it manually
constexpr int kExtensionDataMaxLength = 128;

// Storage version used in keys.
constexpr int kStorageVersion = 1;

namespace {

struct Subject
Expand Down Expand Up @@ -367,13 +364,12 @@ class AccessControlAttribute : public chip::app::AttributeAccessInterface

constexpr uint16_t AccessControlAttribute::ClusterRevision;

CHIP_ERROR LogEntryChangedEvent(const AccessControl::Entry & entry, const Access::SubjectDescriptor & subjectDescriptor,
AccessControlCluster::ChangeTypeEnum changeType)
CHIP_ERROR LogAclChangedEvent(const AccessControl::Entry & entry, const Access::SubjectDescriptor & subjectDescriptor,
AccessControlCluster::ChangeTypeEnum changeType)
{
CHIP_ERROR err;

// Record AccessControlEntry event
EventNumber eventNumber;
DataModel::Nullable<chip::NodeId> adminNodeID;
DataModel::Nullable<uint16_t> adminPasscodeID;
DataModel::Nullable<AccessControlCluster::Structs::AccessControlEntry::Type> latestValue;
Expand Down Expand Up @@ -439,6 +435,7 @@ CHIP_ERROR LogEntryChangedEvent(const AccessControl::Entry & entry, const Access
AccessControlCluster::Events::AccessControlEntryChanged::Type event{ adminNodeID, adminPasscodeID, changeType, latestValue,
subjectDescriptor.fabricIndex };

EventNumber eventNumber;
err = LogEvent(event, 0, eventNumber);
if (CHIP_NO_ERROR != err)
{
Expand All @@ -448,6 +445,34 @@ CHIP_ERROR LogEntryChangedEvent(const AccessControl::Entry & entry, const Access
return err;
}

CHIP_ERROR LogExtensionChangedEvent(const AccessControlCluster::Structs::ExtensionEntry::Type & item,
const Access::SubjectDescriptor & subjectDescriptor,
AccessControlCluster::ChangeTypeEnum changeType)
{
AccessControlCluster::Events::AccessControlExtensionChanged::Type event{ .changeType = changeType,
.adminFabricIndex = subjectDescriptor.fabricIndex };

if (subjectDescriptor.authMode == Access::AuthMode::kCase)
{
event.adminNodeID.SetNonNull(subjectDescriptor.subject);
}
else if (subjectDescriptor.authMode == Access::AuthMode::kPase)
{
event.adminPasscodeID.SetNonNull(PAKEKeyIdFromNodeId(subjectDescriptor.subject));
}

event.latestValue.SetNonNull(item);

EventNumber eventNumber;
CHIP_ERROR err = LogEvent(event, 0, eventNumber);
if (CHIP_NO_ERROR != err)
{
ChipLogError(DataManagement, "AccessControlCluster: log event failed");
mlepage-google marked this conversation as resolved.
Show resolved Hide resolved
}

return err;
}

CHIP_ERROR AccessControlAttribute::Read(const ConcreteReadAttributePath & aPath, AttributeValueEncoder & aEncoder)
{
switch (aPath.mAttributeId)
Expand Down Expand Up @@ -489,17 +514,20 @@ CHIP_ERROR AccessControlAttribute::ReadExtension(AttributeValueEncoder & aEncode
auto & fabrics = Server::GetInstance().GetFabricTable();

return aEncoder.EncodeList([&](const auto & encoder) -> CHIP_ERROR {
for (auto it = fabrics.begin(); it != fabrics.end(); ++it)
for (auto & fabric : fabrics)
{
uint8_t buffer[kExtensionDataMaxLength] = { 0 };
uint16_t size = static_cast<uint16_t>(sizeof(buffer));
auto err =
storage.SyncGetKeyValue(key.AccessControlExtensionEntry(kStorageVersion, it->GetFabricIndex()), buffer, size);
ReturnErrorCodeIf(err == CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND, CHIP_NO_ERROR);
ReturnErrorOnFailure(err);
CHIP_ERROR errStorage = storage.SyncGetKeyValue(key.AccessControlExtensionEntry(fabric.GetFabricIndex()), buffer, size);
VerifyOrDie(errStorage != CHIP_ERROR_BUFFER_TOO_SMALL);
mlepage-google marked this conversation as resolved.
Show resolved Hide resolved
if (errStorage == CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND)
{
continue;
}
ReturnErrorOnFailure(errStorage);
AccessControlCluster::Structs::ExtensionEntry::Type item = {
.data = ByteSpan(buffer, size),
.fabricIndex = it->GetFabricIndex(),
.fabricIndex = fabric.GetFabricIndex(),
};
ReturnErrorOnFailure(encoder.Encode(item));
}
Expand Down Expand Up @@ -557,14 +585,14 @@ CHIP_ERROR AccessControlAttribute::WriteAcl(const ConcreteDataAttributePath & aP
if (i < oldCount)
{
ReturnErrorOnFailure(GetAccessControl().UpdateEntry(i, iterator.GetValue().entry, &accessingFabricIndex));
ReturnErrorOnFailure(LogEntryChangedEvent(iterator.GetValue().entry, aDecoder.GetSubjectDescriptor(),
AccessControlCluster::ChangeTypeEnum::kChanged));
ReturnErrorOnFailure(LogAclChangedEvent(iterator.GetValue().entry, aDecoder.GetSubjectDescriptor(),
AccessControlCluster::ChangeTypeEnum::kChanged));
}
else
{
ReturnErrorOnFailure(GetAccessControl().CreateEntry(nullptr, iterator.GetValue().entry, &accessingFabricIndex));
ReturnErrorOnFailure(LogEntryChangedEvent(iterator.GetValue().entry, aDecoder.GetSubjectDescriptor(),
AccessControlCluster::ChangeTypeEnum::kAdded));
ReturnErrorOnFailure(LogAclChangedEvent(iterator.GetValue().entry, aDecoder.GetSubjectDescriptor(),
AccessControlCluster::ChangeTypeEnum::kAdded));
}
++i;
}
Expand All @@ -577,7 +605,7 @@ CHIP_ERROR AccessControlAttribute::WriteAcl(const ConcreteDataAttributePath & aP
--oldCount;
ReturnErrorOnFailure(GetAccessControl().ReadEntry(oldCount, entry, &accessingFabricIndex));
ReturnErrorOnFailure(
LogEntryChangedEvent(entry, aDecoder.GetSubjectDescriptor(), AccessControlCluster::ChangeTypeEnum::kRemoved));
LogAclChangedEvent(entry, aDecoder.GetSubjectDescriptor(), AccessControlCluster::ChangeTypeEnum::kRemoved));
ReturnErrorOnFailure(GetAccessControl().DeleteEntry(oldCount, &accessingFabricIndex));
}
}
Expand All @@ -588,7 +616,7 @@ CHIP_ERROR AccessControlAttribute::WriteAcl(const ConcreteDataAttributePath & aP

ReturnErrorOnFailure(GetAccessControl().CreateEntry(nullptr, item.entry, &accessingFabricIndex));
ReturnErrorOnFailure(
LogEntryChangedEvent(item.entry, aDecoder.GetSubjectDescriptor(), AccessControlCluster::ChangeTypeEnum::kAdded));
LogAclChangedEvent(item.entry, aDecoder.GetSubjectDescriptor(), AccessControlCluster::ChangeTypeEnum::kAdded));
}
else
{
Expand All @@ -605,6 +633,12 @@ CHIP_ERROR AccessControlAttribute::WriteExtension(const ConcreteDataAttributePat

FabricIndex accessingFabricIndex = aDecoder.AccessingFabricIndex();

uint8_t buffer[kExtensionDataMaxLength] = { 0 };
uint16_t size = static_cast<uint16_t>(sizeof(buffer));
CHIP_ERROR errStorage = storage.SyncGetKeyValue(key.AccessControlExtensionEntry(accessingFabricIndex), buffer, size);
VerifyOrDie(errStorage != CHIP_ERROR_BUFFER_TOO_SMALL);
mlepage-google marked this conversation as resolved.
Show resolved Hide resolved
ReturnErrorCodeIf(errStorage != CHIP_NO_ERROR && errStorage != CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND, errStorage);

if (!aPath.IsListItemOperation())
{
DataModel::DecodableList<AccessControlCluster::Structs::ExtensionEntry::DecodableType> list;
Expand All @@ -615,41 +649,50 @@ CHIP_ERROR AccessControlAttribute::WriteExtension(const ConcreteDataAttributePat

if (count == 0)
{
auto err = storage.SyncDeleteKeyValue(key.AccessControlExtensionEntry(kStorageVersion, accessingFabricIndex));
ReturnErrorCodeIf(err != CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND, err);
ReturnErrorCodeIf(errStorage == CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND, CHIP_NO_ERROR);
ReturnErrorOnFailure(storage.SyncDeleteKeyValue(key.AccessControlExtensionEntry(accessingFabricIndex)));
AccessControlCluster::Structs::ExtensionEntry::Type item = {
.data = ByteSpan(buffer, size),
bzbarsky-apple marked this conversation as resolved.
Show resolved Hide resolved
.fabricIndex = accessingFabricIndex,
};
ReturnErrorOnFailure(
LogExtensionChangedEvent(item, aDecoder.GetSubjectDescriptor(), AccessControlCluster::ChangeTypeEnum::kRemoved));
}
else if (count == 1)
{
auto iterator = list.begin();
ReturnErrorCodeIf(!iterator.Next(), CHIP_ERROR_MISSING_TLV_ELEMENT);
if (!iterator.Next())
{
ReturnErrorOnFailure(iterator.GetStatus());
// If counted an item, iterator doesn't return it, iterator has no error, that's bad.
VerifyOrDie(true);
mlepage-google marked this conversation as resolved.
Show resolved Hide resolved
}
auto & item = iterator.GetValue();
// TODO(#13590): generated code doesn't automatically handle max length so do it manually
ReturnErrorCodeIf(item.data.size() > kExtensionDataMaxLength, CHIP_ERROR_INVALID_ARGUMENT);
ReturnErrorOnFailure(storage.SyncSetKeyValue(key.AccessControlExtensionEntry(kStorageVersion, accessingFabricIndex),
item.data.data(), static_cast<uint16_t>(item.data.size())));
ReturnErrorCodeIf(item.data.size() > kExtensionDataMaxLength, CHIP_ERROR_INVALID_STRING_LENGTH);
bzbarsky-apple marked this conversation as resolved.
Show resolved Hide resolved
ReturnErrorOnFailure(storage.SyncSetKeyValue(key.AccessControlExtensionEntry(accessingFabricIndex), item.data.data(),
static_cast<uint16_t>(item.data.size())));
ReturnErrorOnFailure(LogExtensionChangedEvent(item, aDecoder.GetSubjectDescriptor(),
errStorage == CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND
? AccessControlCluster::ChangeTypeEnum::kAdded
: AccessControlCluster::ChangeTypeEnum::kChanged));
}
else
{
// Only one item supported per fabric.
return CHIP_ERROR_INVALID_ARGUMENT;
return CHIP_ERROR_INVALID_LIST_LENGTH;
bzbarsky-apple marked this conversation as resolved.
Show resolved Hide resolved
}
}
else if (aPath.mListOp == ConcreteDataAttributePath::ListOperation::AppendItem)
{
{
uint8_t buffer[0];
uint16_t size = static_cast<uint16_t>(sizeof(buffer));
auto err =
storage.SyncGetKeyValue(key.AccessControlExtensionEntry(kStorageVersion, accessingFabricIndex), buffer, size);
ReturnErrorCodeIf(err != CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND, err);
}

ReturnErrorCodeIf(errStorage != CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND, CHIP_ERROR_INVALID_LIST_LENGTH);
bzbarsky-apple marked this conversation as resolved.
Show resolved Hide resolved
AccessControlCluster::Structs::ExtensionEntry::DecodableType item;
ReturnErrorOnFailure(aDecoder.Decode(item));
// TODO(#13590): generated code doesn't automatically handle max length so do it manually
ReturnErrorCodeIf(item.data.size() > kExtensionDataMaxLength, CHIP_ERROR_INVALID_ARGUMENT);
ReturnErrorOnFailure(storage.SyncSetKeyValue(key.AccessControlExtensionEntry(kStorageVersion, accessingFabricIndex),
item.data.data(), static_cast<uint16_t>(item.data.size())));
ReturnErrorCodeIf(item.data.size() > kExtensionDataMaxLength, CHIP_ERROR_INVALID_STRING_LENGTH);
bzbarsky-apple marked this conversation as resolved.
Show resolved Hide resolved
ReturnErrorOnFailure(storage.SyncSetKeyValue(key.AccessControlExtensionEntry(accessingFabricIndex), item.data.data(),
static_cast<uint16_t>(item.data.size())));
ReturnErrorOnFailure(
LogExtensionChangedEvent(item, aDecoder.GetSubjectDescriptor(), AccessControlCluster::ChangeTypeEnum::kAdded));
}
else
{
Expand Down
5 changes: 1 addition & 4 deletions src/lib/support/DefaultStorageKeyAllocator.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,7 @@ class DefaultStorageKeyAllocator
const char * FailSafeContextKey() { return Format("g/fsc"); }

// Access Control
const char * AccessControlExtensionEntry(size_t version, FabricIndex fabric)
{
return Format("a/%x/1/%x", static_cast<unsigned>(version), static_cast<unsigned>(fabric));
}
const char * AccessControlExtensionEntry(FabricIndex fabric) { return Format("f/%x/ac/1", fabric); }

const char * AccessControlList() { return Format("acl"); }
const char * AccessControlEntry(size_t index)
Expand Down