From 0f5bcfc856f392c31ce17229b1f941c2b20e28bb Mon Sep 17 00:00:00 2001
From: Marc Lepage
Date: Fri, 25 Mar 2022 14:09:31 -0400
Subject: [PATCH] Add RemoveFabric to AccessControl
Use the "public" API to delete entries for a fabric. Tested (on Linux using chip-all-clusters-app and chip-tool) by commissioning on three fabrics, with 3, 2, and 2 distinct ACLs, then removing the second (middle) fabric, and verifying that the remaining 5 ACLs are preserved, even after restart. Part of issue #13876 (fabric removal and factory reset)
---
 src/access/AccessControl.cpp | 16 ++++++++++++++++
 src/access/AccessControl.h | 2 ++
 src/app/server/Server.h | 1 +
 3 files changed, 19 insertions(+)
diff --git a/src/access/AccessControl.cpp b/src/access/AccessControl.cpp
index 2a2f37beb40fa7..f9cb48a20f18b2 100644
--- a/src/access/AccessControl.cpp
+++ b/src/access/AccessControl.cpp
@@ -188,6 +188,22 @@ CHIP_ERROR AccessControl::Finish()
 return retval;
 }
+CHIP_ERROR AccessControl::RemoveFabric(FabricIndex fabricIndex)
+{
+ ChipLogProgress(DataManagement, "AccessControl: removing fabric %u", fabricIndex);
+
+ CHIP_ERROR err;
+ do
+ {
+ err = DeleteEntry(0, &fabricIndex);
+ } while (err == CHIP_NO_ERROR);
+
+ // Sentinel error is OK, just means there was no such entry.
+ ReturnErrorCodeIf(err != CHIP_ERROR_SENTINEL, err);
+
+ return CHIP_NO_ERROR;
+}
+
 CHIP_ERROR AccessControl::Check(const SubjectDescriptor & subjectDescriptor, const RequestPath & requestPath, Privilege requestPrivilege)
 {
diff --git a/src/access/AccessControl.h b/src/access/AccessControl.h
index dd74167f0891d5..be1c268e3628b5 100644
--- a/src/access/AccessControl.h
+++ b/src/access/AccessControl.h
@@ -468,6 +468,8 @@ class AccessControl
 return mDelegate->DeleteEntry(index, fabricIndex);
 }
+ CHIP_ERROR RemoveFabric(FabricIndex fabricIndex);
+
 /**
 * Iterates over entries in the access control list.
 *
diff --git a/src/app/server/Server.h b/src/app/server/Server.h
index e05c4ae54b4cb2..0f95bb8dfe8ac9 100644
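Review bot: The do/while in RemoveFabric stops only when DeleteEntry returns something other than CHIP_NO_ERROR, so a delegate that reports success without actually removing an entry would keep this loop spinning during fabric removal. The AccessControl.h context suggests DeleteEntry forwards straight to `mDelegate->DeleteEntry(index, fabricIndex)`, so that guarantee lives in each delegate rather than here. I would state the requirement above the loop, e.g. `// Requires the delegate to return CHIP_ERROR_SENTINEL once no entry remains for this fabric.`, or bound the loop by the fabric's entry count if the API can supply one. On any other error the function returns with the fabric's ACL only partially deleted and nothing logged beyond the opening progress line, so an error log before `ReturnErrorCodeIf` would help when leftover entries have to be explained.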
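Review bot: RemoveFabric is declared in AccessControl.h without a doc comment, while the iterator declaration right after it has one. Something like `/** Deletes every access control entry that belongs to fabricIndex; returns CHIP_NO_ERROR when none remain. */` would do. The comment should also say that on any other error some of the fabric's entries may already have been deleted, because callers need to know the operation is not all-or-nothing.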
--- a/src/app/server/Server.h
+++ b/src/app/server/Server.h
@@ -221,6 +221,7 @@ class Server
 {
 groupDataProvider->RemoveFabric(fabricIndex);
 }
+ Access::GetAccessControl().RemoveFabric(fabricIndex);
 };
 void OnFabricRetrievedFromStorage(FabricInfo * fabricInfo) override { (void) fabricInfo; }
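Review bot: The CHIP_ERROR returned by `Access::GetAccessControl().RemoveFabric(fabricIndex)` is discarded, so if ACL deletion fails partway the removed fabric's entries stay in the access control list with no trace in the logs. Entries keyed by a fabric index that outlive their fabric are a privilege concern if that index is ever assigned to a different fabric; whether indices are reused is not visible from this hunk. At minimum capture and log the result: `CHIP_ERROR err = Access::GetAccessControl().RemoveFabric(fabricIndex);` followed by `if (err != CHIP_NO_ERROR) { ChipLogError(AppServer, "AccessControl: RemoveFabric failed for fabric %u", fabricIndex); }`. The enclosing callback starts above the hunk, so how the group data provider's result is handled is not visible here.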