1 /*
2  * Copyright (c) 2022 Nordic Semiconductor ASA
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 #ifndef LWM2M_OBJ_ACCESS_CONTROL_H
7 #define LWM2M_OBJ_ACCESS_CONTROL_H
8 #include "lwm2m_engine.h"
9 #include "lwm2m_object.h"
10 
11 /**
12  * @brief Main access control logic. Checks if the server with instance id @p server_obj_inst are
13  * allowed to do @p operation on the object instance of object id @p obj_id
14  * and object instance id @p obj_inst_id. If access control is enabled, this should
15  * be called before every operation to test access.
16  *
17  * @param obj_id object id of the object instance having its rights checked.
18  * @param obj_inst_id object instance id of the object instance having its rights checked.
19  * @param server_obj_inst object instance id of the server attempting to do the operation.
20  * @param operation lwm2m operation / permission (like LWM2M_OP_READ)
21  * @param bootstrap_mode 1/0. Bootstrap servers should have complete access during bootstrap.
22  * @return int to signal access:
23  *		 0		- server has access
24  *		-EACCES	- unauthorized
25  *		-EPERM	- method not allowed
26  */
27 int access_control_check_access(uint16_t obj_id, uint16_t obj_inst_id, uint16_t server_obj_inst,
28 				uint16_t operation, bool bootstrap_mode);
29 
30 /**
31  * @brief Creates an access control object instance. Should be called every
32  * time an object instance is created.
33  *
34  * @param obj_id object id of the object instance getting an access control.
35  * @param obj_inst_id object instance id of the object instance getting access control.
36  * @param server_obj_inst_id object instance id of the server creating the object instance.
37  */
38 void access_control_add(uint16_t obj_id, uint16_t obj_inst_id, int server_obj_inst_id);
39 
40 /**
41  * @brief Creates an access control object instance for objects. Should be called if servers should
42  * have access to create object instances of object id @p obj_id.
43  *
44  * @param obj_id object id of the object getting access control.
45  * @param server_obj_inst_id object instance id of the server creating the access control
46  * object instance.
47  */
48 void access_control_add_obj(uint16_t obj_id, int server_obj_inst_id);
49 
50 /**
51  * @brief Removes the access control instance that contains the access rights concerning
52  * the object instance of object id @p obj_id and object instance id @p obj_inst_id.
53  * Does nothing if obj_id == 2 (i.e. object id for access control). Should be called
54  * automatically any time an object instance is unregistered/deleted.
55  *
56  * @param obj_id object id of the object instance getting removed.
57  * @param obj_inst_id object instance id of the object instance getting removed.
58  */
59 void access_control_remove(uint16_t obj_id, uint16_t obj_inst_id);
60 
61 /**
62  * @brief Removes the access control instance that contains the access rights concerning
63  * the object with object id @p obj_id.
64  *
65  * @param obj_id object id of the object getting removed.
66  */
67 void access_control_remove_obj(uint16_t obj_id);
68 
69 #endif
70