From 4eb825dbdf524868e67255e1ba56bbd8b9112153 Mon Sep 17 00:00:00 2001
From: Marc Lepage <67919234+mlepage-google@users.noreply.github.com>
Date: Sat, 26 Mar 2022 01:36:59 -0400
Subject: [PATCH] Add RemoveFabric to AccessControl (#16685)
Use the "public" API to delete entries for a fabric. Tested (on Linux using chip-all-clusters-app and chip-tool) by commissioning on three fabrics, with 3, 2, and 2 distinct ACLs, then removing the second (middle) fabric, and verifying that the remaining 5 ACLs are preserved, even after restart. Part of issue #13876 (fabric removal and factory reset)
---
 src/access/AccessControl.cpp | 16 ++++++++++++++++
 src/access/AccessControl.h | 2 ++
 src/app/server/Server.h | 1 +
 3 files changed, 19 insertions(+)
diff --git a/src/access/AccessControl.cpp b/src/access/AccessControl.cpp
index 2a2f37beb40fa7..f9cb48a20f18b2 100644
--- a/src/access/AccessControl.cpp
+++ b/src/access/AccessControl.cpp
@@ -188,6 +188,22 @@ CHIP_ERROR AccessControl::Finish()
 return retval;
 }
+CHIP_ERROR AccessControl::RemoveFabric(FabricIndex fabricIndex)
+{
+ ChipLogProgress(DataManagement, "AccessControl: removing fabric %u", fabricIndex);
+
+ CHIP_ERROR err;
+ do
+ {
+ err = DeleteEntry(0, &fabricIndex);
+ } while (err == CHIP_NO_ERROR);
+
+ // Sentinel error is OK, just means there was no such entry.
+ ReturnErrorCodeIf(err != CHIP_ERROR_SENTINEL, err);
+
+ return CHIP_NO_ERROR;
+}
+
 CHIP_ERROR AccessControl::Check(const SubjectDescriptor & subjectDescriptor, const RequestPath & requestPath, Privilege requestPrivilege)
 {
diff --git a/src/access/AccessControl.h b/src/access/AccessControl.h
index dd74167f0891d5..be1c268e3628b5 100644
--- a/src/access/AccessControl.h
+++ b/src/access/AccessControl.h
@@ -468,6 +468,8 @@ class AccessControl
 return mDelegate->DeleteEntry(index, fabricIndex);
 }
+ CHIP_ERROR RemoveFabric(FabricIndex fabricIndex);
+
 /**
 * Iterates over entries in the access control list.
 *
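Review bot: The `do { err = DeleteEntry(0, &fabricIndex); } while (err == CHIP_NO_ERROR);` loop in RemoveFabric has no bound of its own and stops only when the delegate returns an error. A delegate whose DeleteEntry reports CHIP_NO_ERROR without actually removing an entry (a stub or no-op implementation, for example) would keep this loop spinning during fabric removal. The delegate implementations are not visible in this patch, so at minimum the dependency should be written down above the loop: `// Terminates only because the delegate returns CHIP_ERROR_SENTINEL once no entry for this fabric remains.` A bounded variant that stops after the fabric's known entry count would make termination independent of delegate behaviour.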
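Review bot: `RemoveFabric` is declared in AccessControl.h without a doc comment, while the iteration declaration that follows it in this hunk is documented. Callers cannot tell from the header that a failure part-way through leaves the fabric's entries partially deleted, which matters for an access-control API. I would add `/** Deletes every entry belonging to fabricIndex. Returns CHIP_NO_ERROR when none remain, otherwise the delegate's error; entries may then be partially removed. */` above the declaration. The class body starts and ends outside this hunk.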
diff --git a/src/app/server/Server.h b/src/app/server/Server.h
index b036f96eed08d7..ca5bdcfa99a394 100644
--- a/src/app/server/Server.h
+++ b/src/app/server/Server.h
@@ -223,6 +223,7 @@ class Server
 {
 groupDataProvider->RemoveFabric(fabricIndex);
 }
+ Access::GetAccessControl().RemoveFabric(fabricIndex);
 };
 void OnFabricRetrievedFromStorage(FabricInfo * fabricInfo) override { (void) fabricInfo; }
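Review bot: The CHIP_ERROR returned by `Access::GetAccessControl().RemoveFabric(fabricIndex);` is discarded, so a failed or partial ACL cleanup goes unnoticed during fabric removal. Entries left behind would still grant privileges under that fabric index, and if the index is later reused for a newly commissioned fabric they would presumably apply to it. At minimum capture and log the result: `CHIP_ERROR err = Access::GetAccessControl().RemoveFabric(fabricIndex);` followed by `if (err != CHIP_NO_ERROR) { ChipLogError(AppServer, "ACL removal failed for fabric %u: %" CHIP_ERROR_FORMAT, fabricIndex, err.Format()); }`. The enclosing callback starts outside this hunk, so whether it can propagate the error further is not visible here.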