/*
* Copyright (c) 2022 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef LWM2M_OBJ_ACCESS_CONTROL_H
#define LWM2M_OBJ_ACCESS_CONTROL_H
#include "lwm2m_engine.h"
#include "lwm2m_object.h"
/**
* @brief Main access control logic. Checks whether the server with object instance id
* @p server_obj_inst is allowed to perform @p operation on the object instance identified by
* object id @p obj_id and object instance id @p obj_inst_id. If access control is enabled,
* this should be called before every operation to test access.
*
* This function only returns a decision. Nothing in this declaration enforces it, so the
* caller is expected to refuse the operation on any non-zero return.
*
* @param obj_id object id of the object instance having its rights checked.
* @param obj_inst_id object instance id of the object instance having its rights checked.
* @param server_obj_inst object instance id of the server attempting to do the operation.
* @param operation lwm2m operation / permission (like LWM2M_OP_READ)
* @param bootstrap_mode true/false. Bootstrap servers should have complete access during
* bootstrap. NOTE(review): presumably true skips the per-server rights check, so callers
* should derive it from the engine's own bootstrap state and never from request contents -
* confirm against the implementation.
* @return int to signal access:
* 0 - server has access
* -EACCES - unauthorized
* -EPERM - method not allowed
*
* NOTE(review): the result when no access control instance exists for the target is not
* stated here - confirm whether that case allows or denies.
*/
int access_control_check_access(uint16_t obj_id, uint16_t obj_inst_id, uint16_t server_obj_inst,
uint16_t operation, bool bootstrap_mode);
/**
* @brief Creates an access control object instance. Should be called every
* time an object instance is created.
*
* Returns nothing, so a failure to create the access control instance is not reported
* through this interface. NOTE(review): confirm how a failed creation is handled and how
* access_control_check_access() then treats the object instance.
*
* @param obj_id object id of the object instance getting an access control.
* @param obj_inst_id object instance id of the object instance getting access control.
* @param server_obj_inst_id object instance id of the server creating the object instance.
* NOTE(review): this is an int, while access_control_check_access() takes the server
* instance id as uint16_t; presumably a negative value marks "no owning server" - confirm.
*/
void access_control_add(uint16_t obj_id, uint16_t obj_inst_id, int server_obj_inst_id);
/**
* @brief Creates an access control object instance for an object as a whole, rather than
* for one of its object instances. Should be called if servers should have access to
* create object instances of object id @p obj_id.
*
* Returns nothing, so a failure to create the access control instance is not reported
* through this interface.
*
* @param obj_id object id of the object getting access control.
* @param server_obj_inst_id object instance id of the server creating the access control
* object instance. NOTE(review): declared as int although server instance ids are
* uint16_t in access_control_check_access(); presumably negative values are a sentinel -
* confirm.
*/
void access_control_add_obj(uint16_t obj_id, int server_obj_inst_id);
/**
* @brief Removes the access control instance that contains the access rights concerning
* the object instance of object id @p obj_id and object instance id @p obj_inst_id.
* Does nothing if obj_id == 2 (i.e. the object id of the access control object itself).
* Should be called automatically any time an object instance is unregistered/deleted.
*
* NOTE(review): presumably this keeps stale rights from applying to a later object
* instance that reuses the same ids - confirm that every delete path calls it.
*
* @param obj_id object id of the object instance getting removed.
* @param obj_inst_id object instance id of the object instance getting removed.
*/
void access_control_remove(uint16_t obj_id, uint16_t obj_inst_id);
/**
* @brief Removes the access control instance that contains the access rights concerning
* the object with object id @p obj_id.
*
* @param obj_id object id of the object getting removed.
*/
void access_control_remove_obj(uint16_t obj_id);
#endif