diff --git a/examples/platform/linux/AppMain.cpp b/examples/platform/linux/AppMain.cpp index 03c44bd7d1ca5f..04f58c677e1274 100644 --- a/examples/platform/linux/AppMain.cpp +++ b/examples/platform/linux/AppMain.cpp @@ -33,8 +33,6 @@ #include #include -#include - #include #include #include @@ -66,27 +64,6 @@ using namespace chip::DeviceLayer; using namespace chip::Inet; using namespace chip::Transport; -class GeneralStorageDelegate : public PersistentStorageDelegate -{ - CHIP_ERROR SyncGetKeyValue(const char * key, void * buffer, uint16_t & size) override - { - ChipLogProgress(NotSpecified, "Retrieved value from general storage."); - return PersistedStorage::KeyValueStoreMgr().Get(key, buffer, size); - } - - CHIP_ERROR SyncSetKeyValue(const char * key, const void * value, uint16_t size) override - { - ChipLogProgress(NotSpecified, "Stored value in general storage"); - return PersistedStorage::KeyValueStoreMgr().Put(key, value, size); - } - - CHIP_ERROR SyncDeleteKeyValue(const char * key) override - { - ChipLogProgress(NotSpecified, "Delete value in general storage"); - return PersistedStorage::KeyValueStoreMgr().Delete(key); - } -}; - #if defined(ENABLE_CHIP_SHELL) using chip::Shell::Engine; #endif @@ -111,8 +88,6 @@ void EventHandler(const DeviceLayer::ChipDeviceEvent * event, intptr_t arg) ChipLogProgress(DeviceLayer, "Receive kCHIPoBLEConnectionEstablished"); } } - -GeneralStorageDelegate gAclStorageDelegate; } // namespace #if CHIP_DEVICE_CONFIG_ENABLE_WPA @@ -161,8 +136,6 @@ int ChipLinuxAppInit(int argc, char ** argv) PrintOnboardingCodes(LinuxDeviceOptions::GetInstance().payload); - Access::Examples::SetAccessControlDelegateStorage(&gAclStorageDelegate); - #if defined(PW_RPC_ENABLED) rpc::Init(); ChipLogProgress(NotSpecified, "PW_RPC initialized."); diff --git a/src/access/examples/ExampleAccessControlDelegate.cpp b/src/access/examples/ExampleAccessControlDelegate.cpp index dbff97122a514c..7bbd2a6b88cdb5 100644 
--- a/src/access/examples/ExampleAccessControlDelegate.cpp +++ b/src/access/examples/ExampleAccessControlDelegate.cpp @@ -1069,12 +1069,13 @@ class AccessControlDelegate : public AccessControl::Delegate CHIP_ERROR err = LoadFromFlash(); if (err != CHIP_NO_ERROR) { + ChipLogDetail(DataManagement, "Unable to load stored ACL entries; using empty list instead"); for (auto & storage : EntryStorage::acl) { storage.Clear(); } } - return err; + return CHIP_NO_ERROR; } CHIP_ERROR Finish() override @@ -1309,17 +1310,11 @@ namespace chip { namespace Access { namespace Examples { -AccessControl::Delegate & GetAccessControlDelegate() +AccessControl::Delegate & GetAccessControlDelegate(PersistentStorageDelegate * storageDelegate) { static AccessControlDelegate accessControlDelegate; - return accessControlDelegate; -} - -void SetAccessControlDelegateStorage(chip::PersistentStorageDelegate * storageDelegate) -{ - ChipLogDetail(DataManagement, "Examples::SetAccessControlDelegateStorage"); - AccessControlDelegate & accessControlDelegate = static_cast(GetAccessControlDelegate()); accessControlDelegate.SetStorageDelegate(storageDelegate); + return accessControlDelegate; } } // namespace Examples diff --git a/src/access/examples/ExampleAccessControlDelegate.h b/src/access/examples/ExampleAccessControlDelegate.h index e2a3bd04d913e3..1f5ee944680328 100644 --- a/src/access/examples/ExampleAccessControlDelegate.h +++ b/src/access/examples/ExampleAccessControlDelegate.h 
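Review bot: In `Init()`, returning `CHIP_NO_ERROR` for every `LoadFromFlash()` failure makes a corrupt or unreadable ACL store indistinguishable from a device that has never stored any entries, and the only trace is a Detail-level message that omits the error code. A commissioned node would then start with an empty list and report success, and a later save would presumably overwrite whatever was still persisted. I would keep the clear loop but swallow only the missing-key case, e.g. `return (err == CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND) ? CHIP_NO_ERROR : err;`, once the code `LoadFromFlash()` returns for an absent key (and for a null storage delegate) is confirmed. I would also log other failures with `ChipLogError(DataManagement, "ACL load failed: %" CHIP_ERROR_FORMAT, err.Format());`. The body of `Init()` starts outside the hunk.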
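Review bot: `GetAccessControlDelegate()` now calls `SetStorageDelegate(storageDelegate)` on the function-static singleton on every call, so any later caller silently re-points the ACL backing store of a delegate that may already be initialized and in use. That includes re-pointing it to `nullptr`, which the TestAccessControl.cpp hunk passes. The singleton also holds the raw pointer for the rest of the process, while the storage object belongs to the caller. Consider binding once and rejecting a conflicting second value, or at least not overwriting an existing binding with null: `if (storageDelegate != nullptr) { accessControlDelegate.SetStorageDelegate(storageDelegate); }`.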
@@ -23,9 +23,16 @@ namespace chip { namespace Access { namespace Examples { -AccessControl::Delegate & GetAccessControlDelegate(); - -void SetAccessControlDelegateStorage(chip::PersistentStorageDelegate * storageDelegate); +/** + * @brief Get a global instance of the access control delegate implemented in this module. + * + * NOTE: This function should be followed by an ::Init() method call. This function does + * not manage lifecycle considerations. + * + * @param storageDelegate Storage instance to access persisted ACL data + * @return a reference to the AccessControl::Delegate singleton. + */ +AccessControl::Delegate & GetAccessControlDelegate(PersistentStorageDelegate * storageDelegate); } // namespace Examples } // namespace Access diff --git a/src/access/tests/TestAccessControl.cpp b/src/access/tests/TestAccessControl.cpp index aab39503be9097..2b5cfcccdcbfd5 100644 --- a/src/access/tests/TestAccessControl.cpp +++ b/src/access/tests/TestAccessControl.cpp @@ -33,7 +33,7 @@ using Entry = AccessControl::Entry; using EntryIterator = AccessControl::EntryIterator; using Target = Entry::Target; -AccessControl accessControl(Examples::GetAccessControlDelegate()); +AccessControl accessControl(Examples::GetAccessControlDelegate(nullptr)); constexpr ClusterId kOnOffCluster = 0x0006; constexpr ClusterId kLevelControlCluster = 0x0008; diff --git a/src/app/clusters/access-control-server/access-control-server.cpp b/src/app/clusters/access-control-server/access-control-server.cpp index a4a51cca1558bc..e4ca3ad18cfe2c 100644 --- a/src/app/clusters/access-control-server/access-control-server.cpp +++ b/src/app/clusters/access-control-server/access-control-server.cpp 
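Review bot: The new doc comment on `GetAccessControlDelegate()` does not say that the singleton retains `storageDelegate` after the call returns, nor whether a null pointer is acceptable, although the TestAccessControl.cpp hunk passes `nullptr`. I would extend the parameter line to `@param storageDelegate Storage used for persisted ACL data; the pointer is retained, so the object must outlive the delegate.` If null is meant to be supported, add a sentence saying what `Init()` does in that case.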
@@ -501,16 +501,9 @@ CHIP_ERROR AccessControlAttribute::WriteExtension(AttributeValueDecoder & aDecod AccessControlAttribute gAttribute; -AccessControl gAccessControl(Examples::GetAccessControlDelegate()); - } // namespace void MatterAccessControlPluginServerInitCallback() { registerAttributeAccessOverride(&gAttribute); - - // TODO: move access control setup to lower level - // (it's OK and convenient here during development) - gAccessControl.Init(); - SetAccessControl(gAccessControl); } diff --git a/src/app/server/Server.cpp b/src/app/server/Server.cpp index 0a417b8a468c3d..eb76a55b8de02b 100644 --- a/src/app/server/Server.cpp +++ b/src/app/server/Server.cpp @@ -17,6 +17,8 @@ #include +#include + #include #include #include @@ -92,7 +94,7 @@ Server::Server() : .devicePool = &mDevicePool, .dnsResolver = nullptr, }), mCommissioningWindowManager(this), mGroupsProvider(mDeviceStorage), - mAttributePersister(mDeviceStorage) + mAttributePersister(mDeviceStorage), mAccessControl(Access::Examples::GetAccessControlDelegate(&mDeviceStorage)) {} CHIP_ERROR Server::Init(AppDelegate * delegate, uint16_t secureServicePort, uint16_t unsecureServicePort) @@ -128,6 +130,11 @@ CHIP_ERROR Server::Init(AppDelegate * delegate, uint16_t secureServicePort, uint SuccessOrExit(err); SetGroupDataProvider(&mGroupsProvider); + // Access control must be initialized after mDeviceStorage. + err = mAccessControl.Init(); + SuccessOrExit(err); + Access::SetAccessControl(mAccessControl); + // Init transport before operations with secure session mgr. err = mTransports.Init(UdpListenParameters(DeviceLayer::UDPEndPointManager()) .SetAddressType(IPAddressType::kIPv6) diff --git a/src/app/server/Server.h b/src/app/server/Server.h index 161fa579233459..ddd789d6d61355 100644 --- a/src/app/server/Server.h +++ b/src/app/server/Server.h @@ -17,6 +17,7 @@ #pragma once +#include #include #include #include 
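Review bot: In `Server::Init()`, the new comment records only the storage dependency, but the ordering that matters for security is that `mAccessControl.Init()` and `Access::SetAccessControl(mAccessControl)` run before `mTransports.Init(...)`, so that no inbound message is handled without an ACL in place. I would write `// Access control must be initialized after mDeviceStorage and before the transports start receiving messages.` so a later reordering does not lose that property. Separately, `Access::SetAccessControl` presumably keeps a reference to this `Server` member, so the shutdown path should call `mAccessControl.Finish()` and withdraw the global registration if it does not already. Both `Server::Init()` and the shutdown code extend outside the hunk.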
@@ -194,6 +195,8 @@ class Server app::DefaultAttributePersistenceProvider mAttributePersister; GroupDataProviderListener mListener; + Access::AccessControl mAccessControl; + // TODO @ceille: Maybe use OperationalServicePort and CommissionableServicePort uint16_t mSecuredServicePort; uint16_t mUnsecuredServicePort;