LCOV - code coverage report
Current view: top level - app/server - AclStorage.h (source / functions) Hit Total Coverage
Test: lcov_final.info Lines: 1 4 25.0 %
Date: 2024-02-15 08:20:41 Functions: 1 5 20.0 % 

          Line data    Source code
       1             : /*
       2             :  *
       3             :  *    Copyright (c) 2022 Project CHIP Authors
       4             :  *
       5             :  *    Licensed under the Apache License, Version 2.0 (the "License");
       6             :  *    you may not use this file except in compliance with the License.
       7             :  *    You may obtain a copy of the License at
       8             :  *
       9             :  *        http://www.apache.org/licenses/LICENSE-2.0
      10             :  *
      11             :  *    Unless required by applicable law or agreed to in writing, software
      12             :  *    distributed under the License is distributed on an "AS IS" BASIS,
      13             :  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      14             :  *    See the License for the specific language governing permissions and
      15             :  *    limitations under the License.
      16             :  */
      17             : 
      18             : #pragma once
      19             : 
      20             : #include <access/AccessControl.h>
      21             : #include <credentials/FabricTable.h>
      22             : #include <lib/core/CHIPPersistentStorageDelegate.h>
      23             : 
      24             : #include <app-common/zap-generated/cluster-objects.h>
      25             : 
      26             : namespace chip {
      27             : namespace app {
      28             : 
      29             : /**
      30             :  * Storage specifically for access control entries, which correspond to the
      31             :  * ACL attribute of the access control cluster.
      32             :  *
      33             :  * An object of this class should be initialized directly after the access
      34             :  * control module is initialized, as it will populate entries in the system
      35             :  * module from storage, and also install a listener in the system module to
      36             :  * keep storage up to date as entries change.
      37             :  *
      38             :  * This class also provides facilities for converting between access control
      39             :  * entries (as used by the system module) and access control entries (as used
      40             :  * by the generated cluster code).
      41             :  */
      42             : class AclStorage
      43             : {
      44             : public:
      45             :     /**
      46             :      * Used for decoding access control entries.
      47             :      *
      48             :      * Typically used temporarily on the stack to decode:
      49             :      * - source: TLV
      50             :      * - staging: generated cluster level code
      51             :      * - destination: system level access control entry
      52             :      */
      53             :     class DecodableEntry
      54             :     {
      55             :         using Entry        = Access::AccessControl::Entry;
      56             :         using StagingEntry = Clusters::AccessControl::Structs::AccessControlEntryStruct::DecodableType;
      57             : 
      58             :     public:
      59           0 :         DecodableEntry() = default;
      60             : 
      61             :         /**
      62             :          * Reader decodes into a staging entry, which is then unstaged
      63             :          * into a member entry.
      64             :          */
      65             :         CHIP_ERROR Decode(TLV::TLVReader & reader);
      66             : 
      67           0 :         Entry & GetEntry() { return mEntry; }
      68             : 
      69             :         const Entry & GetEntry() const { return mEntry; }
      70             : 
      71             :     public:
      72             :         static constexpr bool kIsFabricScoped = true;
      73             : 
      74             :         void SetFabricIndex(FabricIndex fabricIndex) { mEntry.SetFabricIndex(fabricIndex); }
      75             : 
      76             :     private:
      77             :         CHIP_ERROR Unstage();
      78             : 
      79             :     private:
      80             :         Entry mEntry;
      81             : 
      82             :         StagingEntry mStagingEntry;
      83             :     };
      84             : 
      85             :     /**
      86             :      * Used for encoding access control entries.
      87             :      *
      88             :      * Typically used temporarily on the stack to encode:
      89             :      * - source: system level access control entry
      90             :      * - staging: generated cluster level code
      91             :      * - destination: TLV
      92             :      */
      93             :     class EncodableEntry
      94             :     {
      95             :         using Entry         = Access::AccessControl::Entry;
      96             :         using StagingEntry  = Clusters::AccessControl::Structs::AccessControlEntryStruct::Type;
      97             :         using StagingTarget = Clusters::AccessControl::Structs::AccessControlTargetStruct::Type;
      98             : 
      99             :     public:
     100           0 :         EncodableEntry(const Entry & entry) : mEntry(entry) {}
     101             : 
     102             :         /**
     103             :          * Constructor-provided entry is staged into a staging entry,
     104             :          * which is then encoded into a writer.
     105             :          */
     106             :         CHIP_ERROR EncodeForRead(TLV::TLVWriter & writer, TLV::Tag tag, FabricIndex fabric) const;
     107             : 
     108             :         /**
     109             :          * Constructor-provided entry is staged into a staging entry,
     110             :          * which is then encoded into a writer.
     111             :          */
     112             :         CHIP_ERROR EncodeForWrite(TLV::TLVWriter & writer, TLV::Tag tag) const;
     113             : 
     114             :         /**
     115             :          * Constructor-provided entry is staged into a staging entry.
     116             :          */
     117             :         CHIP_ERROR Stage() const;
     118             : 
     119             :         StagingEntry & GetStagingEntry() { return mStagingEntry; }
     120             : 
     121             :         const StagingEntry & GetStagingEntry() const { return mStagingEntry; }
     122             : 
     123             :     public:
     124             :         static constexpr bool kIsFabricScoped = true;
     125             : 
     126             :         FabricIndex GetFabricIndex() const
     127             :         {
     128             :             FabricIndex fabricIndex = kUndefinedFabricIndex;
     129             :             mEntry.GetFabricIndex(fabricIndex);
     130             :             return fabricIndex;
     131             :         }
     132             : 
     133             :     private:
     134             :         const Entry & mEntry;
     135             : 
     136             :         mutable StagingEntry mStagingEntry;
     137             :         mutable NodeId mStagingSubjects[CHIP_CONFIG_EXAMPLE_ACCESS_CONTROL_MAX_SUBJECTS_PER_ENTRY];
     138             :         mutable StagingTarget mStagingTargets[CHIP_CONFIG_EXAMPLE_ACCESS_CONTROL_MAX_TARGETS_PER_ENTRY];
     139             :     };
     140             : 
     141           1 :     virtual ~AclStorage() = default;
     142             : 
     143             :     /**
     144             :      * Initialize should be called after chip::Access::AccessControl is initialized.
     145             :      *
     146             :      * Implementations should take this opportunity to populate AccessControl with ACL entries
     147             :      * loaded from persistent storage. A half-open range of fabrics [first, last) is provided
     148             :      * so this can be done on a per-fabric basis.
     149             :      *
     150             :      * Implementations should also install an entry change listener on AccessControl to maintain
     151             :      * ACL entries in persistent storage as they are changed.
     152             :      */
     153             :     virtual CHIP_ERROR Init(PersistentStorageDelegate & persistentStorage, ConstFabricIterator first, ConstFabricIterator last) = 0;
     154             : };
     155             : 
     156             : } // namespace app
     157             : } // namespace chip

Generated by: LCOV version 1.14