Add ota provider support in android

project-chip · Sep 13, 2023 · 1020723 · 1020723
1 parent 511aafb
commit 1020723
Show file tree

Hide file tree

Showing 9 changed files with 512 additions and 4 deletions.
diff --git a/examples/java-matter-controller/args.gni b/examples/java-matter-controller/args.gni
@@ -24,3 +24,4 @@ chip_project_config_include_dirs =
     [ "${chip_root}/examples/java-matter-controller/include" ]
 chip_project_config_include_dirs += [ "${chip_root}/config/standalone" ]
 chip_stack_lock_tracking = "fatal"
+chip_build_controler_dynamic_server = true
diff --git a/src/app/BUILD.gn b/src/app/BUILD.gn
@@ -14,9 +14,8 @@
 
 import("//build_overrides/chip.gni")
 import("//build_overrides/nlio.gni")
-import("${chip_root}/src/platform/device.gni")
-
 import("${chip_root}/build/chip/buildconfig_header.gni")
+import("${chip_root}/src/platform/device.gni")
 import("common_flags.gni")
 import("icd/icd.gni")
 
@@ -209,6 +208,18 @@ static_library("app") {
     ]
   }
 
+  if (chip_build_controler_dynamic_server) {
+    defines = [ "CHIP_CONFIG_SKIP_APP_SPECIFIC_GENERATED_HEADER_INCLUDES=1" ]
+    sources += [
+      "clusters/ota-provider/ota-provider.cpp",
+      "dynamic_server/AccessControl.cpp",
+      "dynamic_server/AccessControl.h",
+      "dynamic_server/DynamicDispatch.cpp",
+      "util/privilege-storage.cpp",
+      "util/privilege-storage.h",
+    ]
+  }
+
   if (chip_enable_read_client) {
     sources += [
       "BufferedReadCallback.cpp",

diff --git a/src/app/common_flags.gni b/src/app/common_flags.gni
@@ -16,4 +16,5 @@ declare_args() {
   # Temporary flag for interaction model and echo protocols, set it to true to enable
   chip_app_use_echo = false
   chip_enable_read_client = true
+  chip_build_controler_dynamic_server = false
 }
diff --git a/src/app/dynamic_server/AccessControl.cpp b/src/app/dynamic_server/AccessControl.cpp
@@ -0,0 +1,82 @@
+/**
+ *    Copyright (c) 2022-2023 Project CHIP Authors
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include "AccessControl.h"
+
+#include <access/AccessControl.h>
+#include <access/Privilege.h>
+#include <access/RequestPath.h>
+#include <access/SubjectDescriptor.h>
+#include <app-common/zap-generated/ids/Clusters.h>
+#include <app/InteractionModelEngine.h>
+#include <lib/core/CHIPError.h>
+
+using namespace chip;
+using namespace chip::Access;
+using namespace chip::app::Clusters;
+
+namespace {
+// TODO: Maybe consider making this configurable?  See also
+// DynamicDispatch.cpp.
+constexpr EndpointId kSupportedEndpoint = 0;
+
+class DeviceTypeResolver : public Access::AccessControl::DeviceTypeResolver
+{
+public:
+    bool IsDeviceTypeOnEndpoint(DeviceTypeId deviceType, EndpointId endpoint) override
+    {
+        return app::IsDeviceTypeOnEndpoint(deviceType, endpoint);
+    }
+} gDeviceTypeResolver;
+
+// TODO: Make the policy more configurable by consumers.
+class AccessControlDelegate : public Access::AccessControl::Delegate
+{
+    CHIP_ERROR Check(const SubjectDescriptor & subjectDescriptor, const RequestPath & requestPath,
+                     Privilege requestPrivilege) override
+    {
+        if (requestPath.endpoint != kSupportedEndpoint || requestPath.cluster != OtaSoftwareUpdateProvider::Id)
+        {
+            // We only allow access to OTA software update provider.
+            return CHIP_ERROR_ACCESS_DENIED;
+        }
+
+        if (requestPrivilege != Privilege::kOperate)
+        {
+            // The commands on OtaSoftwareUpdateProvider all require
+            // Operate; we should not be asked for anything else.
+            return CHIP_ERROR_ACCESS_DENIED;
+        }
+
+        if (subjectDescriptor.authMode != AuthMode::kCase && subjectDescriptor.authMode != AuthMode::kPase)
+        {
+            // No idea who is asking; deny for now.
+            return CHIP_ERROR_ACCESS_DENIED;
+        }
+
+        // TODO do we care about the fabric index here?  Probably not.
+
+        return CHIP_NO_ERROR;
+    }
+};
+
+AccessControlDelegate gDelegate;
+} // anonymous namespace
+
+void initAccessControl()
+{
+    GetAccessControl().Init(&gDelegate, gDeviceTypeResolver);
+}
diff --git a/src/app/dynamic_server/AccessControl.h b/src/app/dynamic_server/AccessControl.h
@@ -0,0 +1,22 @@
+/**
+ *    Copyright (c) 2022-2023 Project CHIP Authors
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#pragma once
+
+/**
+ * Initialize the access control module. Must be called on the Matter task
+ * queue.
+ */
+void initAccessControl();