From 2214850e09dc8d9e647d3d4e64d247e80ceecd44 Mon Sep 17 00:00:00 2001 From: Marc Lepage <67919234+mlepage-google@users.noreply.github.com> Date: Tue, 10 May 2022 11:06:26 -0400 Subject: [PATCH] Enforce length constraints in access control (#17817) Add some APIs for length constraints. Use them in system module and in cluster to enforce length constraints. --- src/access/AccessControl.cpp | 58 +++ src/access/AccessControl.h | 83 ++-- .../examples/ExampleAccessControlDelegate.cpp | 18 + .../access-control-server.cpp | 37 +- .../suites/TestAccessControlCluster.yaml | 101 ++++ .../zap-generated/test/Commands.h | 442 +++++++++++++++++- .../chip-tool/zap-generated/test/Commands.h | 351 +++++++++++++- 7 files changed, 998 insertions(+), 92 deletions(-) diff --git a/src/access/AccessControl.cpp b/src/access/AccessControl.cpp index 58dbe29bb995c2..58789ccaa9115d 100644 --- a/src/access/AccessControl.cpp +++ b/src/access/AccessControl.cpp @@ -193,6 +193,64 @@ CHIP_ERROR AccessControl::Finish() return retval; } +CHIP_ERROR AccessControl::CreateEntry(const SubjectDescriptor * subjectDescriptor, FabricIndex fabric, size_t * index, + const Entry & entry) +{ + VerifyOrReturnError(IsInitialized(), CHIP_ERROR_INCORRECT_STATE); + + size_t count = 0; + size_t maxCount = 0; + ReturnErrorOnFailure(mDelegate->GetEntryCount(fabric, count)); + ReturnErrorOnFailure(mDelegate->GetMaxEntriesPerFabric(maxCount)); + + VerifyOrReturnError((count + 1) <= maxCount, CHIP_ERROR_BUFFER_TOO_SMALL); + + ReturnErrorCodeIf(!IsValid(entry), CHIP_ERROR_INVALID_ARGUMENT); + + size_t i = 0; + ReturnErrorOnFailure(mDelegate->CreateEntry(&i, entry, &fabric)); + + if (index) + { + *index = i; + } + + NotifyEntryChanged(subjectDescriptor, fabric, i, &entry, EntryListener::ChangeType::kAdded); + return CHIP_NO_ERROR; +} + +CHIP_ERROR AccessControl::UpdateEntry(const SubjectDescriptor * subjectDescriptor, FabricIndex fabric, size_t index, + const Entry & entry) +{ + VerifyOrReturnError(IsInitialized(), CHIP_ERROR_INCORRECT_STATE); + ReturnErrorCodeIf(!IsValid(entry), CHIP_ERROR_INVALID_ARGUMENT); + ReturnErrorOnFailure(mDelegate->UpdateEntry(index, entry, &fabric)); + NotifyEntryChanged(subjectDescriptor, fabric, index, &entry, EntryListener::ChangeType::kUpdated); + return CHIP_NO_ERROR; +} + +CHIP_ERROR AccessControl::DeleteEntry(const SubjectDescriptor * subjectDescriptor, FabricIndex fabric, size_t index) +{ + VerifyOrReturnError(IsInitialized(), CHIP_ERROR_INCORRECT_STATE); + Entry entry; + Entry * p = nullptr; + if (mEntryListener != nullptr && ReadEntry(fabric, index, entry) == CHIP_NO_ERROR) + { + p = &entry; + } + ReturnErrorOnFailure(mDelegate->DeleteEntry(index, &fabric)); + if (p && p->HasDefaultDelegate()) + { + // The entry was read prior to deletion so its latest value could be provided + // to the listener after deletion. If it's been reset to its default delegate, + // that best effort attempt to retain the latest value failed. This is + // regrettable but OK. + p = nullptr; + } + NotifyEntryChanged(subjectDescriptor, fabric, index, p, EntryListener::ChangeType::kRemoved); + return CHIP_NO_ERROR; +} + void AccessControl::AddEntryListener(EntryListener & listener) { if (mEntryListener == nullptr) diff --git a/src/access/AccessControl.h b/src/access/AccessControl.h index ca76c4eaba0b6d..6f5836826fa277 100644 --- a/src/access/AccessControl.h +++ b/src/access/AccessControl.h @@ -345,13 +345,29 @@ class AccessControl virtual CHIP_ERROR Finish() { return CHIP_NO_ERROR; } // Capabilities - virtual CHIP_ERROR GetMaxEntryCount(size_t & value) const + virtual CHIP_ERROR GetMaxEntriesPerFabric(size_t & value) const + { + value = 0; + return CHIP_NO_ERROR; + } + + virtual CHIP_ERROR GetMaxSubjectsPerEntry(size_t & value) const { value = 0; return CHIP_NO_ERROR; } - // TODO: add more capabilities + virtual CHIP_ERROR GetMaxTargetsPerEntry(size_t & value) const + { + value = 0; + return CHIP_NO_ERROR; + } + + virtual CHIP_ERROR GetMaxEntryCount(size_t & value) const + { + value = 0; + return CHIP_NO_ERROR; + } // Actualities virtual CHIP_ERROR GetEntryCount(FabricIndex fabric, size_t & value) const @@ -417,6 +433,24 @@ class AccessControl CHIP_ERROR Finish(); // Capabilities + CHIP_ERROR GetMaxEntriesPerFabric(size_t & value) const + { + VerifyOrReturnError(IsInitialized(), CHIP_ERROR_INCORRECT_STATE); + return mDelegate->GetMaxEntriesPerFabric(value); + } + + CHIP_ERROR GetMaxSubjectsPerEntry(size_t & value) const + { + VerifyOrReturnError(IsInitialized(), CHIP_ERROR_INCORRECT_STATE); + return mDelegate->GetMaxSubjectsPerEntry(value); + } + + CHIP_ERROR GetMaxTargetsPerEntry(size_t & value) const + { + VerifyOrReturnError(IsInitialized(), CHIP_ERROR_INCORRECT_STATE); + return mDelegate->GetMaxTargetsPerEntry(value); + } + CHIP_ERROR GetMaxEntryCount(size_t & value) const { VerifyOrReturnError(IsInitialized(), CHIP_ERROR_INCORRECT_STATE); @@ -457,19 +491,7 @@ class AccessControl * @param [out] index (If not nullptr) index of created entry (relative to fabric). * @param [in] entry Entry from which created entry is copied. */ - CHIP_ERROR CreateEntry(const SubjectDescriptor * subjectDescriptor, FabricIndex fabric, size_t * index, const Entry & entry) - { - VerifyOrReturnError(IsInitialized(), CHIP_ERROR_INCORRECT_STATE); - ReturnErrorCodeIf(!IsValid(entry), CHIP_ERROR_INVALID_ARGUMENT); - size_t i; - ReturnErrorOnFailure(mDelegate->CreateEntry(&i, entry, &fabric)); - if (index) - { - *index = i; - } - NotifyEntryChanged(subjectDescriptor, fabric, i, &entry, EntryListener::ChangeType::kAdded); - return CHIP_NO_ERROR; - } + CHIP_ERROR CreateEntry(const SubjectDescriptor * subjectDescriptor, FabricIndex fabric, size_t * index, const Entry & entry); /** * Creates an entry in the access control list. @@ -519,14 +541,7 @@ class AccessControl * @param [in] index Index of entry to update (relative to fabric). * @param [in] entry Entry from which updated entry is copied. */ - CHIP_ERROR UpdateEntry(const SubjectDescriptor * subjectDescriptor, FabricIndex fabric, size_t index, const Entry & entry) - { - VerifyOrReturnError(IsInitialized(), CHIP_ERROR_INCORRECT_STATE); - ReturnErrorCodeIf(!IsValid(entry), CHIP_ERROR_INVALID_ARGUMENT); - ReturnErrorOnFailure(mDelegate->UpdateEntry(index, entry, &fabric)); - NotifyEntryChanged(subjectDescriptor, fabric, index, &entry, EntryListener::ChangeType::kUpdated); - return CHIP_NO_ERROR; - } + CHIP_ERROR UpdateEntry(const SubjectDescriptor * subjectDescriptor, FabricIndex fabric, size_t index, const Entry & entry); /** * Updates an entry in the access control list. @@ -549,27 +564,7 @@ class AccessControl * @param [in] fabric Index of fabric in which to delete entry. * @param [in] index Index of entry to delete (relative to fabric). */ - CHIP_ERROR DeleteEntry(const SubjectDescriptor * subjectDescriptor, FabricIndex fabric, size_t index) - { - VerifyOrReturnError(IsInitialized(), CHIP_ERROR_INCORRECT_STATE); - Entry entry; - Entry * p = nullptr; - if (mEntryListener != nullptr && ReadEntry(fabric, index, entry) == CHIP_NO_ERROR) - { - p = &entry; - } - ReturnErrorOnFailure(mDelegate->DeleteEntry(index, &fabric)); - if (p && p->HasDefaultDelegate()) - { - // The entry was read prior to deletion so its latest value could be provided - // to the listener after deletion. If it's been reset to its default delegate, - // that best effort attempt to retain the latest value failed. This is - // regretable but OK. - p = nullptr; - } - NotifyEntryChanged(subjectDescriptor, fabric, index, p, EntryListener::ChangeType::kRemoved); - return CHIP_NO_ERROR; - } + CHIP_ERROR DeleteEntry(const SubjectDescriptor * subjectDescriptor, FabricIndex fabric, size_t index); /** * Deletes an entry from the access control list. diff --git a/src/access/examples/ExampleAccessControlDelegate.cpp b/src/access/examples/ExampleAccessControlDelegate.cpp index 866c7d65beb84d..d56d96be0cbfd5 100644 --- a/src/access/examples/ExampleAccessControlDelegate.cpp +++ b/src/access/examples/ExampleAccessControlDelegate.cpp @@ -971,6 +971,24 @@ class AccessControlDelegate : public AccessControl::Delegate return CHIP_NO_ERROR; } + CHIP_ERROR GetMaxEntriesPerFabric(size_t & value) const override + { + value = EntryStorage::kEntriesPerFabric; + return CHIP_NO_ERROR; + } + + CHIP_ERROR GetMaxSubjectsPerEntry(size_t & value) const override + { + value = EntryStorage::kMaxSubjects; + return CHIP_NO_ERROR; + } + + CHIP_ERROR GetMaxTargetsPerEntry(size_t & value) const override + { + value = EntryStorage::kMaxTargets; + return CHIP_NO_ERROR; + } + CHIP_ERROR GetMaxEntryCount(size_t & value) const override { value = ArraySize(EntryStorage::acl); diff --git a/src/app/clusters/access-control-server/access-control-server.cpp b/src/app/clusters/access-control-server/access-control-server.cpp index a9a953085c4145..33ddd2979a3a2a 100644 --- a/src/app/clusters/access-control-server/access-control-server.cpp +++ b/src/app/clusters/access-control-server/access-control-server.cpp @@ -104,20 +104,20 @@ CHIP_ERROR AccessControlAttribute::Read(const ConcreteReadAttributePath & aPath, return ReadAcl(aEncoder); case AccessControlCluster::Attributes::Extension::Id: return ReadExtension(aEncoder); - // TODO(#14455): use API to get actual capabilities case AccessControlCluster::Attributes::SubjectsPerAccessControlEntry::Id: { - uint16_t value = CHIP_CONFIG_EXAMPLE_ACCESS_CONTROL_MAX_SUBJECTS_PER_ENTRY; - return aEncoder.Encode(value); + size_t value = 0; + ReturnErrorOnFailure(GetAccessControl().GetMaxSubjectsPerEntry(value)); + return aEncoder.Encode(static_cast(value)); } - // TODO(#14455): use API to get actual capabilities case AccessControlCluster::Attributes::TargetsPerAccessControlEntry::Id: { - uint16_t value = CHIP_CONFIG_EXAMPLE_ACCESS_CONTROL_MAX_TARGETS_PER_ENTRY; - return aEncoder.Encode(value); + size_t value = 0; + ReturnErrorOnFailure(GetAccessControl().GetMaxTargetsPerEntry(value)); + return aEncoder.Encode(static_cast(value)); } - // TODO(#14455): use API to get actual capabilities case AccessControlCluster::Attributes::AccessControlEntriesPerFabric::Id: { - uint16_t value = CHIP_CONFIG_EXAMPLE_ACCESS_CONTROL_MAX_ENTRIES_PER_FABRIC; - return aEncoder.Encode(value); + size_t value = 0; + ReturnErrorOnFailure(GetAccessControl().GetMaxEntriesPerFabric(value)); + return aEncoder.Encode(static_cast(value)); } case AccessControlCluster::Attributes::ClusterRevision::Id: return aEncoder.Encode(kClusterRevision); @@ -193,23 +193,20 @@ CHIP_ERROR AccessControlAttribute::WriteAcl(const ConcreteDataAttributePath & aP { FabricIndex accessingFabricIndex = aDecoder.AccessingFabricIndex(); + size_t oldCount; + ReturnErrorOnFailure(GetAccessControl().GetEntryCount(accessingFabricIndex, oldCount)); + size_t maxCount; + ReturnErrorOnFailure(GetAccessControl().GetMaxEntriesPerFabric(maxCount)); + if (!aPath.IsListItemOperation()) { DataModel::DecodableList list; ReturnErrorOnFailure(aDecoder.Decode(list)); - size_t allCount; - size_t oldCount; size_t newCount; - size_t maxCount; - - ReturnErrorOnFailure(GetAccessControl().GetEntryCount(allCount)); - ReturnErrorOnFailure(GetAccessControl().GetEntryCount(accessingFabricIndex, oldCount)); ReturnErrorOnFailure(list.ComputeSize(&newCount)); - ReturnErrorOnFailure(GetAccessControl().GetMaxEntryCount(maxCount)); - VerifyOrReturnError(allCount >= oldCount, CHIP_ERROR_INTERNAL); - VerifyOrReturnError(static_cast(allCount - oldCount + newCount) <= maxCount, - CHIP_IM_GLOBAL_STATUS(ConstraintError)); + + VerifyOrReturnError(newCount <= maxCount, CHIP_IM_GLOBAL_STATUS(ResourceExhausted)); auto iterator = list.begin(); size_t i = 0; @@ -237,6 +234,8 @@ CHIP_ERROR AccessControlAttribute::WriteAcl(const ConcreteDataAttributePath & aP } else if (aPath.mListOp == ConcreteDataAttributePath::ListOperation::AppendItem) { + VerifyOrReturnError((oldCount + 1) <= maxCount, CHIP_IM_GLOBAL_STATUS(ResourceExhausted)); + AclStorage::DecodableEntry decodableEntry; ReturnErrorOnFailure(aDecoder.Decode(decodableEntry)); diff --git a/src/app/tests/suites/TestAccessControlCluster.yaml b/src/app/tests/suites/TestAccessControlCluster.yaml index b0373539ff1e54..86b2d9a8645cb1 100644 --- a/src/app/tests/suites/TestAccessControlCluster.yaml +++ b/src/app/tests/suites/TestAccessControlCluster.yaml @@ -423,6 +423,107 @@ tests: }, ] + - label: "Write too many entries" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 0, + Privilege: 5, # administer + AuthMode: 2, # case + Subjects: null, + Targets: + [ + { Cluster: null, Endpoint: 0, DeviceType: null }, + { Cluster: 1, Endpoint: null, DeviceType: null }, + { Cluster: 2, Endpoint: 3, DeviceType: null }, + ], + }, + { + FabricIndex: 0, + Privilege: 1, # view + AuthMode: 2, # case + Subjects: [4, 5, 6, 7], + Targets: + [ + { Cluster: null, Endpoint: 8, DeviceType: null }, + { Cluster: 9, Endpoint: null, DeviceType: null }, + { Cluster: 10, Endpoint: 11, DeviceType: null }, + ], + }, + { + FabricIndex: 0, + Privilege: 3, # operate + AuthMode: 3, # group + Subjects: [12, 13, 14, 15], + Targets: + [ + { Cluster: null, Endpoint: 16, DeviceType: null }, + { Cluster: 17, Endpoint: null, DeviceType: null }, + { Cluster: 18, Endpoint: 19, DeviceType: null }, + ], + }, + { + FabricIndex: 0, + Privilege: 1, # view + AuthMode: 2, # case + Subjects: [20, 21, 22, 23], + Targets: + [ + { Cluster: null, Endpoint: 24, DeviceType: null }, + { Cluster: 25, Endpoint: null, DeviceType: null }, + { Cluster: 26, Endpoint: 27, DeviceType: null }, + ], + }, + ] + response: + error: RESOURCE_EXHAUSTED + + - label: "Verify" + command: "readAttribute" + attribute: "ACL" + response: + value: [ + { + FabricIndex: 1, + Privilege: 5, # administer + AuthMode: 2, # case + Subjects: null, + Targets: + [ + { Cluster: null, Endpoint: 0, DeviceType: null }, + { Cluster: 1, Endpoint: null, DeviceType: null }, + { Cluster: 2, Endpoint: 3, DeviceType: null }, + ], + }, + { + FabricIndex: 1, + Privilege: 1, # view + AuthMode: 2, # case + Subjects: [4, 5, 6, 7], + Targets: + [ + { Cluster: null, Endpoint: 8, DeviceType: null }, + { Cluster: 9, Endpoint: null, DeviceType: null }, + { Cluster: 10, Endpoint: 11, DeviceType: null }, + ], + }, + { + FabricIndex: 1, + Privilege: 3, # operate + AuthMode: 3, # group + Subjects: [12, 13, 14, 15], + Targets: + [ + { Cluster: null, Endpoint: 16, DeviceType: null }, + { Cluster: 17, Endpoint: null, DeviceType: null }, + { Cluster: 18, Endpoint: 19, DeviceType: null }, + ], + }, + ] + + # note missing last entry - label: "Restore ACL" command: "writeAttribute" attribute: "ACL" diff --git a/zzz_generated/chip-tool-darwin/zap-generated/test/Commands.h b/zzz_generated/chip-tool-darwin/zap-generated/test/Commands.h index 22950d5ec073ae..29bd28264b455e 100644 --- a/zzz_generated/chip-tool-darwin/zap-generated/test/Commands.h +++ b/zzz_generated/chip-tool-darwin/zap-generated/test/Commands.h @@ -339,24 +339,32 @@ class TestAccessControlCluster : public TestCommandBridge { err = TestVerify_16(); break; case 17: - ChipLogProgress(chipTool, " ***** Test Step 17 : Restore ACL\n"); - err = TestRestoreAcl_17(); + ChipLogProgress(chipTool, " ***** Test Step 17 : Write too many entries\n"); + err = TestWriteTooManyEntries_17(); break; case 18: ChipLogProgress(chipTool, " ***** Test Step 18 : Verify\n"); err = TestVerify_18(); break; case 19: - ChipLogProgress(chipTool, " ***** Test Step 19 : Validate resource minima (SubjectsPerAccessControlEntry)\n"); - err = TestValidateResourceMinimaSubjectsPerAccessControlEntry_19(); + ChipLogProgress(chipTool, " ***** Test Step 19 : Restore ACL\n"); + err = TestRestoreAcl_19(); break; case 20: - ChipLogProgress(chipTool, " ***** Test Step 20 : Validate resource minima (TargetsPerAccessControlEntry)\n"); - err = TestValidateResourceMinimaTargetsPerAccessControlEntry_20(); + ChipLogProgress(chipTool, " ***** Test Step 20 : Verify\n"); + err = TestVerify_20(); break; case 21: - ChipLogProgress(chipTool, " ***** Test Step 21 : Validate resource minima (AccessControlEntriesPerFabric)\n"); - err = TestValidateResourceMinimaAccessControlEntriesPerFabric_21(); + ChipLogProgress(chipTool, " ***** Test Step 21 : Validate resource minima (SubjectsPerAccessControlEntry)\n"); + err = TestValidateResourceMinimaSubjectsPerAccessControlEntry_21(); + break; + case 22: + ChipLogProgress(chipTool, " ***** Test Step 22 : Validate resource minima (TargetsPerAccessControlEntry)\n"); + err = TestValidateResourceMinimaTargetsPerAccessControlEntry_22(); + break; + case 23: + ChipLogProgress(chipTool, " ***** Test Step 23 : Validate resource minima (AccessControlEntriesPerFabric)\n"); + err = TestValidateResourceMinimaAccessControlEntriesPerFabric_23(); break; } @@ -421,7 +429,7 @@ class TestAccessControlCluster : public TestCommandBridge { VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); break; case 17: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_RESOURCE_EXHAUSTED)); break; case 18: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); @@ -435,6 +443,12 @@ class TestAccessControlCluster : public TestCommandBridge { case 21: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); break; + case 22: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); + break; + case 23: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); + break; } // Go on to the next test. @@ -448,7 +462,7 @@ class TestAccessControlCluster : public TestCommandBridge { private: std::atomic_uint16_t mTestIndex; - const uint16_t mTestCount = 22; + const uint16_t mTestCount = 24; chip::Optional mNodeId; chip::Optional mCluster; @@ -1482,7 +1496,405 @@ class TestAccessControlCluster : public TestCommandBridge { return CHIP_NO_ERROR; } - CHIP_ERROR TestRestoreAcl_17() + CHIP_ERROR TestWriteTooManyEntries_17() + { + CHIPDevice * device = GetDevice("alpha"); + CHIPTestAccessControl * cluster = [[CHIPTestAccessControl alloc] initWithDevice:device endpoint:0 queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[CHIPAccessControlClusterAccessControlEntry alloc] init]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = nil; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[0]).cluster = nil; + ((CHIPAccessControlClusterTarget *) temp_3[0]).endpoint = [NSNumber numberWithUnsignedShort:0U]; + ((CHIPAccessControlClusterTarget *) temp_3[0]).deviceType = nil; + + temp_3[1] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[1]).cluster = [NSNumber numberWithUnsignedInt:1UL]; + ((CHIPAccessControlClusterTarget *) temp_3[1]).endpoint = nil; + ((CHIPAccessControlClusterTarget *) temp_3[1]).deviceType = nil; + + temp_3[2] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).cluster = [NSNumber numberWithUnsignedInt:2UL]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).endpoint = [NSNumber numberWithUnsignedShort:3U]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).deviceType = nil; + + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[0]).targets = temp_3; + } + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:0]; + + temp_0[1] = [[CHIPAccessControlClusterAccessControlEntry alloc] init]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:1]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:2]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:4ULL]; + temp_3[1] = [NSNumber numberWithUnsignedLongLong:5ULL]; + temp_3[2] = [NSNumber numberWithUnsignedLongLong:6ULL]; + temp_3[3] = [NSNumber numberWithUnsignedLongLong:7ULL]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = temp_3; + } + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[0]).cluster = nil; + ((CHIPAccessControlClusterTarget *) temp_3[0]).endpoint = [NSNumber numberWithUnsignedShort:8U]; + ((CHIPAccessControlClusterTarget *) temp_3[0]).deviceType = nil; + + temp_3[1] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[1]).cluster = [NSNumber numberWithUnsignedInt:9UL]; + ((CHIPAccessControlClusterTarget *) temp_3[1]).endpoint = nil; + ((CHIPAccessControlClusterTarget *) temp_3[1]).deviceType = nil; + + temp_3[2] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).cluster = [NSNumber numberWithUnsignedInt:10UL]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).endpoint = [NSNumber numberWithUnsignedShort:11U]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).deviceType = nil; + + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[1]).targets = temp_3; + } + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:0]; + + temp_0[2] = [[CHIPAccessControlClusterAccessControlEntry alloc] init]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[2]).privilege = [NSNumber numberWithUnsignedChar:3]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[2]).authMode = [NSNumber numberWithUnsignedChar:3]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:12ULL]; + temp_3[1] = [NSNumber numberWithUnsignedLongLong:13ULL]; + temp_3[2] = [NSNumber numberWithUnsignedLongLong:14ULL]; + temp_3[3] = [NSNumber numberWithUnsignedLongLong:15ULL]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[2]).subjects = temp_3; + } + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[0]).cluster = nil; + ((CHIPAccessControlClusterTarget *) temp_3[0]).endpoint = [NSNumber numberWithUnsignedShort:16U]; + ((CHIPAccessControlClusterTarget *) temp_3[0]).deviceType = nil; + + temp_3[1] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[1]).cluster = [NSNumber numberWithUnsignedInt:17UL]; + ((CHIPAccessControlClusterTarget *) temp_3[1]).endpoint = nil; + ((CHIPAccessControlClusterTarget *) temp_3[1]).deviceType = nil; + + temp_3[2] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).cluster = [NSNumber numberWithUnsignedInt:18UL]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).endpoint = [NSNumber numberWithUnsignedShort:19U]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).deviceType = nil; + + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[2]).targets = temp_3; + } + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[2]).fabricIndex = [NSNumber numberWithUnsignedChar:0]; + + temp_0[3] = [[CHIPAccessControlClusterAccessControlEntry alloc] init]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[3]).privilege = [NSNumber numberWithUnsignedChar:1]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[3]).authMode = [NSNumber numberWithUnsignedChar:2]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:20ULL]; + temp_3[1] = [NSNumber numberWithUnsignedLongLong:21ULL]; + temp_3[2] = [NSNumber numberWithUnsignedLongLong:22ULL]; + temp_3[3] = [NSNumber numberWithUnsignedLongLong:23ULL]; + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[3]).subjects = temp_3; + } + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[0]).cluster = nil; + ((CHIPAccessControlClusterTarget *) temp_3[0]).endpoint = [NSNumber numberWithUnsignedShort:24U]; + ((CHIPAccessControlClusterTarget *) temp_3[0]).deviceType = nil; + + temp_3[1] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[1]).cluster = [NSNumber numberWithUnsignedInt:25UL]; + ((CHIPAccessControlClusterTarget *) temp_3[1]).endpoint = nil; + ((CHIPAccessControlClusterTarget *) temp_3[1]).deviceType = nil; + + temp_3[2] = [[CHIPAccessControlClusterTarget alloc] init]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).cluster = [NSNumber numberWithUnsignedInt:26UL]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).endpoint = [NSNumber numberWithUnsignedShort:27U]; + ((CHIPAccessControlClusterTarget *) temp_3[2]).deviceType = nil; + + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[3]).targets = temp_3; + } + ((CHIPAccessControlClusterAccessControlEntry *) temp_0[3]).fabricIndex = [NSNumber numberWithUnsignedChar:0]; + + aclArgument = temp_0; + } + [cluster writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Write too many entries Error: %@", err); + + VerifyOrReturn(CheckValue("status", err, EMBER_ZCL_STATUS_RESOURCE_EXHAUSTED)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestVerify_18() + { + CHIPDevice * device = GetDevice("alpha"); + CHIPTestAccessControl * cluster = [[CHIPTestAccessControl alloc] initWithDevice:device endpoint:0 queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + CHIPReadParams * params = [[CHIPReadParams alloc] init]; + params.fabricFiltered = [NSNumber numberWithBool:true]; + [cluster + readAttributeAclWithParams:params + completionHandler:^(NSArray * _Nullable value, NSError * _Nullable err) { + NSLog(@"Verify Error: %@", err); + + VerifyOrReturn(CheckValue("status", err, 0)); + + { + id actualValue = value; + VerifyOrReturn(CheckValue("ACL", [actualValue count], static_cast(3))); + VerifyOrReturn(CheckValue( + "Privilege", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]).privilege, 5)); + VerifyOrReturn(CheckValue( + "AuthMode", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]).authMode, 2)); + VerifyOrReturn(CheckValueNull( + "Subjects", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]).subjects)); + VerifyOrReturn(CheckValueNonNull( + "Targets", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]).targets)); + VerifyOrReturn(CheckValue("Targets", + [((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]).targets count], + static_cast(3))); + VerifyOrReturn(CheckValueNull("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[0]) + .cluster)); + VerifyOrReturn(CheckValueNonNull("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[0]) + .endpoint)); + VerifyOrReturn(CheckValue("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[0]) + .endpoint, + 0U)); + VerifyOrReturn(CheckValueNull("DeviceType", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[0]) + .deviceType)); + VerifyOrReturn(CheckValueNonNull("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[1]) + .cluster)); + VerifyOrReturn(CheckValue("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[1]) + .cluster, + 1UL)); + VerifyOrReturn(CheckValueNull("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[1]) + .endpoint)); + VerifyOrReturn(CheckValueNull("DeviceType", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[1]) + .deviceType)); + VerifyOrReturn(CheckValueNonNull("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[2]) + .cluster)); + VerifyOrReturn(CheckValue("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[2]) + .cluster, + 2UL)); + VerifyOrReturn(CheckValueNonNull("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[2]) + .endpoint)); + VerifyOrReturn(CheckValue("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[2]) + .endpoint, + 3U)); + VerifyOrReturn(CheckValueNull("DeviceType", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]) + .targets[2]) + .deviceType)); + VerifyOrReturn(CheckValue( + "FabricIndex", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[0]).fabricIndex, 1)); + VerifyOrReturn(CheckValue( + "Privilege", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).privilege, 1)); + VerifyOrReturn(CheckValue( + "AuthMode", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).authMode, 2)); + VerifyOrReturn(CheckValueNonNull( + "Subjects", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).subjects)); + VerifyOrReturn(CheckValue("Subjects", + [((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).subjects count], + static_cast(4))); + VerifyOrReturn( + CheckValue("", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).subjects[0], 4ULL)); + VerifyOrReturn( + CheckValue("", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).subjects[1], 5ULL)); + VerifyOrReturn( + CheckValue("", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).subjects[2], 6ULL)); + VerifyOrReturn( + CheckValue("", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).subjects[3], 7ULL)); + VerifyOrReturn(CheckValueNonNull( + "Targets", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).targets)); + VerifyOrReturn(CheckValue("Targets", + [((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).targets count], + static_cast(3))); + VerifyOrReturn(CheckValueNull("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[0]) + .cluster)); + VerifyOrReturn(CheckValueNonNull("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[0]) + .endpoint)); + VerifyOrReturn(CheckValue("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[0]) + .endpoint, + 8U)); + VerifyOrReturn(CheckValueNull("DeviceType", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[0]) + .deviceType)); + VerifyOrReturn(CheckValueNonNull("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[1]) + .cluster)); + VerifyOrReturn(CheckValue("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[1]) + .cluster, + 9UL)); + VerifyOrReturn(CheckValueNull("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[1]) + .endpoint)); + VerifyOrReturn(CheckValueNull("DeviceType", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[1]) + .deviceType)); + VerifyOrReturn(CheckValueNonNull("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[2]) + .cluster)); + VerifyOrReturn(CheckValue("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[2]) + .cluster, + 10UL)); + VerifyOrReturn(CheckValueNonNull("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[2]) + .endpoint)); + VerifyOrReturn(CheckValue("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[2]) + .endpoint, + 11U)); + VerifyOrReturn(CheckValueNull("DeviceType", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]) + .targets[2]) + .deviceType)); + VerifyOrReturn(CheckValue( + "FabricIndex", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[1]).fabricIndex, 1)); + VerifyOrReturn(CheckValue( + "Privilege", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).privilege, 3)); + VerifyOrReturn(CheckValue( + "AuthMode", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).authMode, 3)); + VerifyOrReturn(CheckValueNonNull( + "Subjects", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).subjects)); + VerifyOrReturn(CheckValue("Subjects", + [((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).subjects count], + static_cast(4))); + VerifyOrReturn(CheckValue( + "", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).subjects[0], 12ULL)); + VerifyOrReturn(CheckValue( + "", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).subjects[1], 13ULL)); + VerifyOrReturn(CheckValue( + "", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).subjects[2], 14ULL)); + VerifyOrReturn(CheckValue( + "", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).subjects[3], 15ULL)); + VerifyOrReturn(CheckValueNonNull( + "Targets", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).targets)); + VerifyOrReturn(CheckValue("Targets", + [((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).targets count], + static_cast(3))); + VerifyOrReturn(CheckValueNull("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[0]) + .cluster)); + VerifyOrReturn(CheckValueNonNull("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[0]) + .endpoint)); + VerifyOrReturn(CheckValue("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[0]) + .endpoint, + 16U)); + VerifyOrReturn(CheckValueNull("DeviceType", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[0]) + .deviceType)); + VerifyOrReturn(CheckValueNonNull("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[1]) + .cluster)); + VerifyOrReturn(CheckValue("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[1]) + .cluster, + 17UL)); + VerifyOrReturn(CheckValueNull("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[1]) + .endpoint)); + VerifyOrReturn(CheckValueNull("DeviceType", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[1]) + .deviceType)); + VerifyOrReturn(CheckValueNonNull("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[2]) + .cluster)); + VerifyOrReturn(CheckValue("Cluster", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[2]) + .cluster, + 18UL)); + VerifyOrReturn(CheckValueNonNull("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[2]) + .endpoint)); + VerifyOrReturn(CheckValue("Endpoint", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[2]) + .endpoint, + 19U)); + VerifyOrReturn(CheckValueNull("DeviceType", + ((CHIPAccessControlClusterTarget *) ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]) + .targets[2]) + .deviceType)); + VerifyOrReturn(CheckValue( + "FabricIndex", ((CHIPAccessControlClusterAccessControlEntry *) actualValue[2]).fabricIndex, 1)); + } + + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestRestoreAcl_19() { CHIPDevice * device = GetDevice("alpha"); CHIPTestAccessControl * cluster = [[CHIPTestAccessControl alloc] initWithDevice:device endpoint:0 queue:mCallbackQueue]; @@ -1512,7 +1924,7 @@ class TestAccessControlCluster : public TestCommandBridge { return CHIP_NO_ERROR; } - CHIP_ERROR TestVerify_18() + CHIP_ERROR TestVerify_20() { CHIPDevice * device = GetDevice("alpha"); CHIPTestAccessControl * cluster = [[CHIPTestAccessControl alloc] initWithDevice:device endpoint:0 queue:mCallbackQueue]; @@ -1547,7 +1959,7 @@ class TestAccessControlCluster : public TestCommandBridge { return CHIP_NO_ERROR; } - CHIP_ERROR TestValidateResourceMinimaSubjectsPerAccessControlEntry_19() + CHIP_ERROR TestValidateResourceMinimaSubjectsPerAccessControlEntry_21() { CHIPDevice * device = GetDevice("alpha"); CHIPTestAccessControl * cluster = [[CHIPTestAccessControl alloc] initWithDevice:device endpoint:0 queue:mCallbackQueue]; @@ -1569,7 +1981,7 @@ class TestAccessControlCluster : public TestCommandBridge { return CHIP_NO_ERROR; } - CHIP_ERROR TestValidateResourceMinimaTargetsPerAccessControlEntry_20() + CHIP_ERROR TestValidateResourceMinimaTargetsPerAccessControlEntry_22() { CHIPDevice * device = GetDevice("alpha"); CHIPTestAccessControl * cluster = [[CHIPTestAccessControl alloc] initWithDevice:device endpoint:0 queue:mCallbackQueue]; @@ -1591,7 +2003,7 @@ class TestAccessControlCluster : public TestCommandBridge { return CHIP_NO_ERROR; } - CHIP_ERROR TestValidateResourceMinimaAccessControlEntriesPerFabric_21() + CHIP_ERROR TestValidateResourceMinimaAccessControlEntriesPerFabric_23() { CHIPDevice * device = GetDevice("alpha"); CHIPTestAccessControl * cluster = [[CHIPTestAccessControl alloc] initWithDevice:device endpoint:0 queue:mCallbackQueue]; diff --git a/zzz_generated/chip-tool/zap-generated/test/Commands.h b/zzz_generated/chip-tool/zap-generated/test/Commands.h index a26b9023f8c767..54f6b7d2e28e27 100644 --- a/zzz_generated/chip-tool/zap-generated/test/Commands.h +++ b/zzz_generated/chip-tool/zap-generated/test/Commands.h @@ -496,7 +496,7 @@ class TestAccessControlClusterSuite : public TestCommand { public: TestAccessControlClusterSuite(CredentialIssuerCommands * credsIssuerConfig) : - TestCommand("TestAccessControlCluster", 22, credsIssuerConfig) + TestCommand("TestAccessControlCluster", 24, credsIssuerConfig) { AddArgument("nodeId", 0, UINT64_MAX, &mNodeId); AddArgument("cluster", &mCluster); @@ -838,9 +838,160 @@ class TestAccessControlClusterSuite : public TestCommand } break; case 17: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_RESOURCE_EXHAUSTED)); break; case 18: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); + { + chip::app::DataModel::DecodableList + value; + VerifyOrReturn(CheckDecodeValue(chip::app::DataModel::Decode(*data, value))); + { + auto iter_0 = value.begin(); + VerifyOrReturn(CheckNextListItemDecodes("acl", iter_0, 0)); + VerifyOrReturn(CheckValue("acl[0].privilege", iter_0.GetValue().privilege, 5)); + VerifyOrReturn(CheckValue("acl[0].authMode", iter_0.GetValue().authMode, 2)); + VerifyOrReturn(CheckValueNull("acl[0].subjects", iter_0.GetValue().subjects)); + VerifyOrReturn(CheckValueNonNull("acl[0].targets", iter_0.GetValue().targets)); + { + auto iter_NaN = iter_0.GetValue().targets.Value().begin(); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[0].targets.Value()", iter_NaN, 0)); + VerifyOrReturn(CheckValueNull("acl[0].targets.Value()[0].cluster", iter_NaN.GetValue().cluster)); + VerifyOrReturn(CheckValueNonNull("acl[0].targets.Value()[0].endpoint", iter_NaN.GetValue().endpoint)); + VerifyOrReturn( + CheckValue("acl[0].targets.Value()[0].endpoint.Value()", iter_NaN.GetValue().endpoint.Value(), 0U)); + VerifyOrReturn(CheckValueNull("acl[0].targets.Value()[0].deviceType", iter_NaN.GetValue().deviceType)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[0].targets.Value()", iter_NaN, 1)); + VerifyOrReturn(CheckValueNonNull("acl[0].targets.Value()[1].cluster", iter_NaN.GetValue().cluster)); + VerifyOrReturn( + CheckValue("acl[0].targets.Value()[1].cluster.Value()", iter_NaN.GetValue().cluster.Value(), 1UL)); + VerifyOrReturn(CheckValueNull("acl[0].targets.Value()[1].endpoint", iter_NaN.GetValue().endpoint)); + VerifyOrReturn(CheckValueNull("acl[0].targets.Value()[1].deviceType", iter_NaN.GetValue().deviceType)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[0].targets.Value()", iter_NaN, 2)); + VerifyOrReturn(CheckValueNonNull("acl[0].targets.Value()[2].cluster", iter_NaN.GetValue().cluster)); + VerifyOrReturn( + CheckValue("acl[0].targets.Value()[2].cluster.Value()", iter_NaN.GetValue().cluster.Value(), 2UL)); + VerifyOrReturn(CheckValueNonNull("acl[0].targets.Value()[2].endpoint", iter_NaN.GetValue().endpoint)); + VerifyOrReturn( + CheckValue("acl[0].targets.Value()[2].endpoint.Value()", iter_NaN.GetValue().endpoint.Value(), 3U)); + VerifyOrReturn(CheckValueNull("acl[0].targets.Value()[2].deviceType", iter_NaN.GetValue().deviceType)); + VerifyOrReturn(CheckNoMoreListItems("acl[0].targets.Value()", + iter_NaN, 3)); + } + VerifyOrReturn(CheckValue("acl[0].fabricIndex", iter_0.GetValue().fabricIndex, 1)); + VerifyOrReturn(CheckNextListItemDecodes("acl", iter_0, 1)); + VerifyOrReturn(CheckValue("acl[1].privilege", iter_0.GetValue().privilege, 1)); + VerifyOrReturn(CheckValue("acl[1].authMode", iter_0.GetValue().authMode, 2)); + VerifyOrReturn(CheckValueNonNull("acl[1].subjects", iter_0.GetValue().subjects)); + { + auto iter_NaN = iter_0.GetValue().subjects.Value().begin(); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[1].subjects.Value()", iter_NaN, 0)); + VerifyOrReturn(CheckValue("acl[1].subjects.Value()[0]", iter_NaN.GetValue(), 4ULL)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[1].subjects.Value()", iter_NaN, 1)); + VerifyOrReturn(CheckValue("acl[1].subjects.Value()[1]", iter_NaN.GetValue(), 5ULL)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[1].subjects.Value()", iter_NaN, 2)); + VerifyOrReturn(CheckValue("acl[1].subjects.Value()[2]", iter_NaN.GetValue(), 6ULL)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[1].subjects.Value()", iter_NaN, 3)); + VerifyOrReturn(CheckValue("acl[1].subjects.Value()[3]", iter_NaN.GetValue(), 7ULL)); + VerifyOrReturn(CheckNoMoreListItems("acl[1].subjects.Value()", + iter_NaN, 4)); + } + VerifyOrReturn(CheckValueNonNull("acl[1].targets", iter_0.GetValue().targets)); + { + auto iter_NaN = iter_0.GetValue().targets.Value().begin(); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[1].targets.Value()", iter_NaN, 0)); + VerifyOrReturn(CheckValueNull("acl[1].targets.Value()[0].cluster", iter_NaN.GetValue().cluster)); + VerifyOrReturn(CheckValueNonNull("acl[1].targets.Value()[0].endpoint", iter_NaN.GetValue().endpoint)); + VerifyOrReturn( + CheckValue("acl[1].targets.Value()[0].endpoint.Value()", iter_NaN.GetValue().endpoint.Value(), 8U)); + VerifyOrReturn(CheckValueNull("acl[1].targets.Value()[0].deviceType", iter_NaN.GetValue().deviceType)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[1].targets.Value()", iter_NaN, 1)); + VerifyOrReturn(CheckValueNonNull("acl[1].targets.Value()[1].cluster", iter_NaN.GetValue().cluster)); + VerifyOrReturn( + CheckValue("acl[1].targets.Value()[1].cluster.Value()", iter_NaN.GetValue().cluster.Value(), 9UL)); + VerifyOrReturn(CheckValueNull("acl[1].targets.Value()[1].endpoint", iter_NaN.GetValue().endpoint)); + VerifyOrReturn(CheckValueNull("acl[1].targets.Value()[1].deviceType", iter_NaN.GetValue().deviceType)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[1].targets.Value()", iter_NaN, 2)); + VerifyOrReturn(CheckValueNonNull("acl[1].targets.Value()[2].cluster", iter_NaN.GetValue().cluster)); + VerifyOrReturn( + CheckValue("acl[1].targets.Value()[2].cluster.Value()", iter_NaN.GetValue().cluster.Value(), 10UL)); + VerifyOrReturn(CheckValueNonNull("acl[1].targets.Value()[2].endpoint", iter_NaN.GetValue().endpoint)); + VerifyOrReturn( + CheckValue("acl[1].targets.Value()[2].endpoint.Value()", iter_NaN.GetValue().endpoint.Value(), 11U)); + VerifyOrReturn(CheckValueNull("acl[1].targets.Value()[2].deviceType", iter_NaN.GetValue().deviceType)); + VerifyOrReturn(CheckNoMoreListItems("acl[1].targets.Value()", + iter_NaN, 3)); + } + VerifyOrReturn(CheckValue("acl[1].fabricIndex", iter_0.GetValue().fabricIndex, 1)); + VerifyOrReturn(CheckNextListItemDecodes("acl", iter_0, 2)); + VerifyOrReturn(CheckValue("acl[2].privilege", iter_0.GetValue().privilege, 3)); + VerifyOrReturn(CheckValue("acl[2].authMode", iter_0.GetValue().authMode, 3)); + VerifyOrReturn(CheckValueNonNull("acl[2].subjects", iter_0.GetValue().subjects)); + { + auto iter_NaN = iter_0.GetValue().subjects.Value().begin(); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[2].subjects.Value()", iter_NaN, 0)); + VerifyOrReturn(CheckValue("acl[2].subjects.Value()[0]", iter_NaN.GetValue(), 12ULL)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[2].subjects.Value()", iter_NaN, 1)); + VerifyOrReturn(CheckValue("acl[2].subjects.Value()[1]", iter_NaN.GetValue(), 13ULL)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[2].subjects.Value()", iter_NaN, 2)); + VerifyOrReturn(CheckValue("acl[2].subjects.Value()[2]", iter_NaN.GetValue(), 14ULL)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[2].subjects.Value()", iter_NaN, 3)); + VerifyOrReturn(CheckValue("acl[2].subjects.Value()[3]", iter_NaN.GetValue(), 15ULL)); + VerifyOrReturn(CheckNoMoreListItems("acl[2].subjects.Value()", + iter_NaN, 4)); + } + VerifyOrReturn(CheckValueNonNull("acl[2].targets", iter_0.GetValue().targets)); + { + auto iter_NaN = iter_0.GetValue().targets.Value().begin(); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[2].targets.Value()", iter_NaN, 0)); + VerifyOrReturn(CheckValueNull("acl[2].targets.Value()[0].cluster", iter_NaN.GetValue().cluster)); + VerifyOrReturn(CheckValueNonNull("acl[2].targets.Value()[0].endpoint", iter_NaN.GetValue().endpoint)); + VerifyOrReturn( + CheckValue("acl[2].targets.Value()[0].endpoint.Value()", iter_NaN.GetValue().endpoint.Value(), 16U)); + VerifyOrReturn(CheckValueNull("acl[2].targets.Value()[0].deviceType", iter_NaN.GetValue().deviceType)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[2].targets.Value()", iter_NaN, 1)); + VerifyOrReturn(CheckValueNonNull("acl[2].targets.Value()[1].cluster", iter_NaN.GetValue().cluster)); + VerifyOrReturn( + CheckValue("acl[2].targets.Value()[1].cluster.Value()", iter_NaN.GetValue().cluster.Value(), 17UL)); + VerifyOrReturn(CheckValueNull("acl[2].targets.Value()[1].endpoint", iter_NaN.GetValue().endpoint)); + VerifyOrReturn(CheckValueNull("acl[2].targets.Value()[1].deviceType", iter_NaN.GetValue().deviceType)); + VerifyOrReturn(CheckNextListItemDecodes( + "acl[2].targets.Value()", iter_NaN, 2)); + VerifyOrReturn(CheckValueNonNull("acl[2].targets.Value()[2].cluster", iter_NaN.GetValue().cluster)); + VerifyOrReturn( + CheckValue("acl[2].targets.Value()[2].cluster.Value()", iter_NaN.GetValue().cluster.Value(), 18UL)); + VerifyOrReturn(CheckValueNonNull("acl[2].targets.Value()[2].endpoint", iter_NaN.GetValue().endpoint)); + VerifyOrReturn( + CheckValue("acl[2].targets.Value()[2].endpoint.Value()", iter_NaN.GetValue().endpoint.Value(), 19U)); + VerifyOrReturn(CheckValueNull("acl[2].targets.Value()[2].deviceType", iter_NaN.GetValue().deviceType)); + VerifyOrReturn(CheckNoMoreListItems("acl[2].targets.Value()", + iter_NaN, 3)); + } + VerifyOrReturn(CheckValue("acl[2].fabricIndex", iter_0.GetValue().fabricIndex, 1)); + VerifyOrReturn(CheckNoMoreListItems("acl", iter_0, 3)); + } + } + break; + case 19: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); + break; + case 20: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); { chip::app::DataModel::DecodableList @@ -858,7 +1009,7 @@ class TestAccessControlClusterSuite : public TestCommand } } break; - case 19: + case 21: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); { uint16_t value; @@ -866,7 +1017,7 @@ class TestAccessControlClusterSuite : public TestCommand VerifyOrReturn(CheckConstraintMinValue("value", value, 4U)); } break; - case 20: + case 22: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); { uint16_t value; @@ -874,7 +1025,7 @@ class TestAccessControlClusterSuite : public TestCommand VerifyOrReturn(CheckConstraintMinValue("value", value, 3U)); } break; - case 21: + case 23: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); { uint16_t value; @@ -1405,22 +1556,170 @@ class TestAccessControlClusterSuite : public TestCommand return ReadAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id); } case 17: { - LogStep(17, "Restore ACL"); + LogStep(17, "Write too many entries"); ListFreer listFreer; chip::app::DataModel::List value; { - auto * listHolder_0 = new ListHolder(1); + auto * listHolder_0 = new ListHolder(4); listFreer.add(listHolder_0); listHolder_0->mList[0].privilege = static_cast(5); listHolder_0->mList[0].authMode = static_cast(2); listHolder_0->mList[0].subjects.SetNull(); - listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].targets.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(3); + listFreer.add(listHolder_3); + + listHolder_3->mList[0].cluster.SetNull(); + listHolder_3->mList[0].endpoint.SetNonNull(); + listHolder_3->mList[0].endpoint.Value() = 0U; + listHolder_3->mList[0].deviceType.SetNull(); + + listHolder_3->mList[1].cluster.SetNonNull(); + listHolder_3->mList[1].cluster.Value() = 1UL; + listHolder_3->mList[1].endpoint.SetNull(); + listHolder_3->mList[1].deviceType.SetNull(); + + listHolder_3->mList[2].cluster.SetNonNull(); + listHolder_3->mList[2].cluster.Value() = 2UL; + listHolder_3->mList[2].endpoint.SetNonNull(); + listHolder_3->mList[2].endpoint.Value() = 3U; + listHolder_3->mList[2].deviceType.SetNull(); + + listHolder_0->mList[0].targets.Value() = + chip::app::DataModel::List(listHolder_3->mList, + 3); + } listHolder_0->mList[0].fabricIndex = 0; + listHolder_0->mList[1].privilege = static_cast(1); + listHolder_0->mList[1].authMode = static_cast(2); + listHolder_0->mList[1].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(4); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 4ULL; + listHolder_3->mList[1] = 5ULL; + listHolder_3->mList[2] = 6ULL; + listHolder_3->mList[3] = 7ULL; + listHolder_0->mList[1].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 4); + } + listHolder_0->mList[1].targets.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(3); + listFreer.add(listHolder_3); + + listHolder_3->mList[0].cluster.SetNull(); + listHolder_3->mList[0].endpoint.SetNonNull(); + listHolder_3->mList[0].endpoint.Value() = 8U; + listHolder_3->mList[0].deviceType.SetNull(); + + listHolder_3->mList[1].cluster.SetNonNull(); + listHolder_3->mList[1].cluster.Value() = 9UL; + listHolder_3->mList[1].endpoint.SetNull(); + listHolder_3->mList[1].deviceType.SetNull(); + + listHolder_3->mList[2].cluster.SetNonNull(); + listHolder_3->mList[2].cluster.Value() = 10UL; + listHolder_3->mList[2].endpoint.SetNonNull(); + listHolder_3->mList[2].endpoint.Value() = 11U; + listHolder_3->mList[2].deviceType.SetNull(); + + listHolder_0->mList[1].targets.Value() = + chip::app::DataModel::List(listHolder_3->mList, + 3); + } + listHolder_0->mList[1].fabricIndex = 0; + + listHolder_0->mList[2].privilege = static_cast(3); + listHolder_0->mList[2].authMode = static_cast(3); + listHolder_0->mList[2].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(4); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 12ULL; + listHolder_3->mList[1] = 13ULL; + listHolder_3->mList[2] = 14ULL; + listHolder_3->mList[3] = 15ULL; + listHolder_0->mList[2].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 4); + } + listHolder_0->mList[2].targets.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(3); + listFreer.add(listHolder_3); + + listHolder_3->mList[0].cluster.SetNull(); + listHolder_3->mList[0].endpoint.SetNonNull(); + listHolder_3->mList[0].endpoint.Value() = 16U; + listHolder_3->mList[0].deviceType.SetNull(); + + listHolder_3->mList[1].cluster.SetNonNull(); + listHolder_3->mList[1].cluster.Value() = 17UL; + listHolder_3->mList[1].endpoint.SetNull(); + listHolder_3->mList[1].deviceType.SetNull(); + + listHolder_3->mList[2].cluster.SetNonNull(); + listHolder_3->mList[2].cluster.Value() = 18UL; + listHolder_3->mList[2].endpoint.SetNonNull(); + listHolder_3->mList[2].endpoint.Value() = 19U; + listHolder_3->mList[2].deviceType.SetNull(); + + listHolder_0->mList[2].targets.Value() = + chip::app::DataModel::List(listHolder_3->mList, + 3); + } + listHolder_0->mList[2].fabricIndex = 0; + + listHolder_0->mList[3].privilege = static_cast(1); + listHolder_0->mList[3].authMode = static_cast(2); + listHolder_0->mList[3].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(4); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 20ULL; + listHolder_3->mList[1] = 21ULL; + listHolder_3->mList[2] = 22ULL; + listHolder_3->mList[3] = 23ULL; + listHolder_0->mList[3].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 4); + } + listHolder_0->mList[3].targets.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(3); + listFreer.add(listHolder_3); + + listHolder_3->mList[0].cluster.SetNull(); + listHolder_3->mList[0].endpoint.SetNonNull(); + listHolder_3->mList[0].endpoint.Value() = 24U; + listHolder_3->mList[0].deviceType.SetNull(); + + listHolder_3->mList[1].cluster.SetNonNull(); + listHolder_3->mList[1].cluster.Value() = 25UL; + listHolder_3->mList[1].endpoint.SetNull(); + listHolder_3->mList[1].deviceType.SetNull(); + + listHolder_3->mList[2].cluster.SetNonNull(); + listHolder_3->mList[2].cluster.Value() = 26UL; + listHolder_3->mList[2].endpoint.SetNonNull(); + listHolder_3->mList[2].endpoint.Value() = 27U; + listHolder_3->mList[2].deviceType.SetNull(); + + listHolder_0->mList[3].targets.Value() = + chip::app::DataModel::List(listHolder_3->mList, + 3); + } + listHolder_0->mList[3].fabricIndex = 0; + value = chip::app::DataModel::List( - listHolder_0->mList, 1); + listHolder_0->mList, 4); } return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value); } @@ -1429,17 +1728,41 @@ class TestAccessControlClusterSuite : public TestCommand return ReadAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id); } case 19: { - LogStep(19, "Validate resource minima (SubjectsPerAccessControlEntry)"); + LogStep(19, "Restore ACL"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(1); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNull(); + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 0; + + value = chip::app::DataModel::List( + listHolder_0->mList, 1); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value); + } + case 20: { + LogStep(20, "Verify"); + return ReadAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id); + } + case 21: { + LogStep(21, "Validate resource minima (SubjectsPerAccessControlEntry)"); return ReadAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::SubjectsPerAccessControlEntry::Id); } - case 20: { - LogStep(20, "Validate resource minima (TargetsPerAccessControlEntry)"); + case 22: { + LogStep(22, "Validate resource minima (TargetsPerAccessControlEntry)"); return ReadAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::TargetsPerAccessControlEntry::Id); } - case 21: { - LogStep(21, "Validate resource minima (AccessControlEntriesPerFabric)"); + case 23: { + LogStep(23, "Validate resource minima (AccessControlEntriesPerFabric)"); return ReadAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::AccessControlEntriesPerFabric::Id); }