NoC: Remove any ACLs for this fabric

Kedar Sovani 2023-03-04 14:49:08 +05:30
parent fbcbcb7db4
commit 2f360af9c2
2 changed files with 35 additions and 0 deletions


@ -78,14 +78,17 @@ pub const NOC_CAT_SUBJECT_PREFIX: u64 = 0xFFFF_FFFD_0000_0000;
const NOC_CAT_ID_MASK: u64 = 0xFFFF_0000; const NOC_CAT_ID_MASK: u64 = 0xFFFF_0000;
const NOC_CAT_VERSION_MASK: u64 = 0xFFFF; const NOC_CAT_VERSION_MASK: u64 = 0xFFFF;
/// Is this identifier a NOC CAT
fn is_noc_cat(id: u64) -> bool { fn is_noc_cat(id: u64) -> bool {
(id & NOC_CAT_SUBJECT_PREFIX) == NOC_CAT_SUBJECT_PREFIX (id & NOC_CAT_SUBJECT_PREFIX) == NOC_CAT_SUBJECT_PREFIX
} }
/// Get the 16-bit NOC CAT id from the identifier
fn get_noc_cat_id(id: u64) -> u64 { fn get_noc_cat_id(id: u64) -> u64 {
(id & NOC_CAT_ID_MASK) >> 16 (id & NOC_CAT_ID_MASK) >> 16
} }
/// Get the 16-bit NOC CAT version from the identifier
fn get_noc_cat_version(id: u64) -> u64 { fn get_noc_cat_version(id: u64) -> u64 {
id & NOC_CAT_VERSION_MASK id & NOC_CAT_VERSION_MASK
} }
@ -96,6 +99,7 @@ pub fn gen_noc_cat(id: u16, version: u16) -> u32 {
((id as u32) << 16) | version as u32 ((id as u32) << 16) | version as u32
} }
/// The Subjects that identify the Accessor
pub struct AccessorSubjects([u64; MAX_ACCESSOR_SUBJECTS]); pub struct AccessorSubjects([u64; MAX_ACCESSOR_SUBJECTS]);
impl AccessorSubjects { impl AccessorSubjects {
@ -816,4 +820,34 @@ mod tests {
req.set_target_perms(Access::RWVA); req.set_target_perms(Access::RWVA);
assert_eq!(req.allow(), true); assert_eq!(req.allow(), true);
} }
#[test]
fn test_delete_for_fabric() {
let am = Arc::new(AclMgr::new_with(false).unwrap());
am.erase_all();
let path = GenericPath::new(Some(1), Some(1234), None);
let accessor2 = Accessor::new(2, AccessorSubjects::new(112233), AuthMode::Case, am.clone());
let mut req2 = AccessReq::new(&accessor2, &path, Access::READ);
req2.set_target_perms(Access::RWVA);
let accessor3 = Accessor::new(3, AccessorSubjects::new(112233), AuthMode::Case, am.clone());
let mut req3 = AccessReq::new(&accessor3, &path, Access::READ);
req3.set_target_perms(Access::RWVA);
// Allow for subject match - target is wildcard - Fabric idx 2
let mut new = AclEntry::new(2, Privilege::VIEW, AuthMode::Case);
new.add_subject(112233).unwrap();
am.add(new).unwrap();
// Allow for subject match - target is wildcard - Fabric idx 3
let mut new = AclEntry::new(3, Privilege::VIEW, AuthMode::Case);
new.add_subject(112233).unwrap();
am.add(new).unwrap();
// Req for Fabric idx 2 gets denied, and that for Fabric idx 3 is allowed
assert_eq!(req2.allow(), true);
assert_eq!(req3.allow(), true);
am.delete_for_fabric(2).unwrap();
assert_eq!(req2.allow(), false);
assert_eq!(req3.allow(), true);
}
} }
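Review bot: In `test_delete_for_fabric` the comment `// Req for Fabric idx 2 gets denied, and that for Fabric idx 3 is allowed` sits above the two pre-delete assertions, which both expect `true`, so it describes the wrong state at that point. I would put `// Both requests are allowed while each fabric has its ACL entry` above those two assertions and move the existing comment down to just before `assert_eq!(req2.allow(), false);`, after the `am.delete_for_fabric(2).unwrap();` call. The test also exercises only the success path; a second case calling `delete_for_fabric` for a fabric index that has no entries would pin down what it returns there. The enclosing `mod tests` starts outside the hunk.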


@ -268,6 +268,7 @@ impl NocCluster {
let req = let req =
RemoveFabricReq::from_tlv(&cmd_req.data).map_err(|_| IMStatusCode::InvalidCommand)?; RemoveFabricReq::from_tlv(&cmd_req.data).map_err(|_| IMStatusCode::InvalidCommand)?;
if self.fabric_mgr.remove(req.fab_idx).is_ok() { if self.fabric_mgr.remove(req.fab_idx).is_ok() {
let _ = self.acl_mgr.delete_for_fabric(req.fab_idx);
cmd_req.trans.terminate(); cmd_req.trans.terminate();
} else { } else {
NocCluster::create_nocresponse( NocCluster::create_nocresponse(
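Review bot: `let _ = self.acl_mgr.delete_for_fabric(req.fab_idx);` discards the result, so if the ACL cleanup fails the fabric is already removed while its ACL entries stay in place and nothing records the failure. If fabric indices can be assigned again later (not visible in this hunk), those leftover entries would apply to whichever fabric next receives that index. At minimum surface the error, e.g. `if let Err(e) = self.acl_mgr.delete_for_fabric(req.fab_idx) { /* log e and report a failure status */ }`. Consider also deleting the ACL entries before calling `fabric_mgr.remove`, so that a failed cleanup leaves the fabric without access entries, not entries without a fabric. The enclosing function begins and ends outside the hunk.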