From 8d70a0d450c8d43ba7e04f171572124e6566eacc Mon Sep 17 00:00:00 2001
From: Kody Stribrny
Date: Thu, 28 May 2026 16:22:52 -0700
Subject: [PATCH] Remove ACL permissions for deleted resource
Setting the configENABLE_ACL_OBJECT_DELETION_CLEANUP flag will revoke ACL permissions across all tasks. Previously the task deleting the object would need to also revoke permissions.
---
 .../template_configuration/FreeRTOSConfig.h | 7 +++
 portable/Common/mpu_wrappers_v2.c | 60 +++++++++++++++++++
 2 files changed, 67 insertions(+)
diff --git a/examples/template_configuration/FreeRTOSConfig.h b/examples/template_configuration/FreeRTOSConfig.h
index b8c0e7f1244..2935d246e8a 100644
--- a/examples/template_configuration/FreeRTOSConfig.h
+++ b/examples/template_configuration/FreeRTOSConfig.h
@@ -502,6 +502,13 @@
 * provided for the same. Defaults to 0 if left undefined. */
 #define configENABLE_ACCESS_CONTROL_LIST 1
+/* When using the v2 MPU wrapper with Access Control Lists enabled, set
+* configENABLE_ACL_OBJECT_DELETION_CLEANUP to 1 to automatically remove
+* access permissions to the object upon deletion. If this is not enabled,
+* the privileged task calling the deletion API has the responsibility to
+* clean up the ACLs. */
+#define configENABLE_ACL_OBJECT_DELETION_CLEANUP 0
+
 /******************************************************************************/
 /* SMP( Symmetric MultiProcessing ) Specific Configuration definitions. *******/
 /******************************************************************************/
diff --git a/portable/Common/mpu_wrappers_v2.c b/portable/Common/mpu_wrappers_v2.c
index 70082b82916..af3a732cac4 100644
--- a/portable/Common/mpu_wrappers_v2.c
+++ b/portable/Common/mpu_wrappers_v2.c
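Review bot: The new comment block starting at `+/* When using the v2 MPU wrapper ...` explains what the flag does but not why leaving it at 0 matters to an integrator: the per-task ACL is addressed by the kernel-object pool index (the revoke call in mpu_wrappers_v2.c passes `CONVERT_TO_INTERNAL_INDEX( lExternalIndexOfKernelObject )`), so a grant that is not revoked on deletion stays set in every task's ACL until that pool slot is reused, and the tasks still holding the bit then have access to whatever new object lands in the slot. I would add one sentence making that explicit, e.g. `* Leaving this at 0 means any grant not revoked by the deleting task persists until the pool slot is reused by a new object.` Also, the continuation lines are written as `+*` at column 0 while the surrounding block comments in this header indent them as ` * ...`; matching that keeps the template consistent.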
@@ -343,6 +343,34 @@
 }
 /*-----------------------------------------------------------*/
+ #if ( ( configENABLE_ACCESS_CONTROL_LIST == 1 ) && ( configENABLE_ACL_OBJECT_DELETION_CLEANUP == 1 ) )
+
+ static void vRevokeAccessObjectDeleted( int32_t lExternalIndexOfKernelObject ) /* PRIVILEGED_FUNCTION */
+ {
+ int32_t i;
+ TaskHandle_t xInternalTaskHandle;
+
+ if( IS_EXTERNAL_INDEX_VALID( lExternalIndexOfKernelObject ) != pdFALSE )
+ {
+ for( i = 0; i < configPROTECTED_KERNEL_OBJECT_POOL_SIZE; i++ )
+ {
+ if( xKernelObjectPool[ i ].ulKernelObjectType == KERNEL_OBJECT_TYPE_TASK )
+ {
+ xInternalTaskHandle = ( TaskHandle_t ) xKernelObjectPool[ i ].xInternalObjectHandle;
+
+ if( xInternalTaskHandle != NULL )
+ {
+ vPortRevokeAccessToKernelObject( xInternalTaskHandle,
+ CONVERT_TO_INTERNAL_INDEX( lExternalIndexOfKernelObject ) );
+ }
+ }
+ }
+ }
+ }
+
+ #endif /* #if ( ( configENABLE_ACCESS_CONTROL_LIST == 1 ) && ( configENABLE_ACL_OBJECT_DELETION_CLEANUP == 1 ) ) */
+/*-----------------------------------------------------------*/
+
 #if ( configENABLE_ACCESS_CONTROL_LIST == 1 )
 void vGrantAccessToKernelObject( TaskHandle_t xExternalTaskHandle,
@@ -1648,6 +1676,12 @@
 if( lIndex != -1 )
 {
+ #if ( ( configENABLE_ACCESS_CONTROL_LIST == 1 ) && ( configENABLE_ACL_OBJECT_DELETION_CLEANUP == 1 ) )
+ {
+ vRevokeAccessObjectDeleted( CONVERT_TO_EXTERNAL_INDEX( lIndex ) );
+ }
+ #endif
+
 MPU_SetIndexFreeInKernelObjectPool( lIndex );
 }
@@ -1663,6 +1697,12 @@
 if( xInternalTaskHandle != NULL )
 {
+ #if ( ( configENABLE_ACCESS_CONTROL_LIST == 1 ) && ( configENABLE_ACL_OBJECT_DELETION_CLEANUP == 1 ) )
+ {
+ vRevokeAccessObjectDeleted( lIndex );
+ }
+ #endif
+
 MPU_SetIndexFreeInKernelObjectPool( CONVERT_TO_INTERNAL_INDEX( lIndex ) );
 vTaskDelete( xInternalTaskHandle );
 }
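Review bot: `static void vRevokeAccessObjectDeleted( int32_t lExternalIndexOfKernelObject ) /* PRIVILEGED_FUNCTION */` carries the privileged marker only as a comment, and the diffstat's 60 added lines are all visible here with no forward declaration among them; if this file follows the pattern of declaring each static helper with the real `PRIVILEGED_FUNCTION` attribute, this helper will land in the default code section on ports that segregate privileged code. Add `static void vRevokeAccessObjectDeleted( int32_t lExternalIndexOfKernelObject ) PRIVILEGED_FUNCTION;` alongside the other prototypes under the same `#if`. The loop also reads task handles out of `xKernelObjectPool` and hands them to `vPortRevokeAccessToKernelObject` with no critical section, so a task deleted concurrently through another wrapper call could be written to via a handle that was valid when the entry was read; unless the port's revoke routine serialises this itself, bracketing the loop with `taskENTER_CRITICAL()`/`taskEXIT_CRITICAL()` would close that window. A short Doxygen `@brief` stating that the helper clears the deleted object's bit from every task's ACL, given the object's external index, would match the documentation style of the neighbouring helpers.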
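Review bot: In the hunk at `@@ -1648,6 +1676,12 @@` the internal `lIndex` is converted with `CONVERT_TO_EXTERNAL_INDEX` only so that `vRevokeAccessObjectDeleted` can re-validate it and convert it straight back, while the adjacent `MPU_SetIndexFreeInKernelObjectPool( lIndex )` takes the internal index directly; the hunk at `@@ -1663,6 +1697,12 @@` instead passes the external `lIndex`, which the enclosing branch has presumably already validated before reaching `xInternalTaskHandle != NULL`. Having the helper take the internal index, as the other pool helpers do, removes the round trip and the redundant validity check: the calls become `vRevokeAccessObjectDeleted( lIndex );` at 1676 and `vRevokeAccessObjectDeleted( CONVERT_TO_INTERNAL_INDEX( lIndex ) );` at 1697. The enclosing functions start and end outside both hunks.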
@@ -2760,6 +2800,13 @@
 if( xInternalQueueHandle != NULL )
 {
 vQueueDelete( xInternalQueueHandle );
+
+ #if ( ( configENABLE_ACCESS_CONTROL_LIST == 1 ) && ( configENABLE_ACL_OBJECT_DELETION_CLEANUP == 1 ) )
+ {
+ vRevokeAccessObjectDeleted( lIndex );
+ }
+ #endif
+
 MPU_SetIndexFreeInKernelObjectPool( CONVERT_TO_INTERNAL_INDEX( lIndex ) );
 }
 }
@@ -4247,6 +4294,13 @@
 if( xInternalEventGroupHandle != NULL )
 {
 vEventGroupDelete( xInternalEventGroupHandle );
+
+ #if ( ( configENABLE_ACCESS_CONTROL_LIST == 1 ) && ( configENABLE_ACL_OBJECT_DELETION_CLEANUP == 1 ) )
+ {
+ vRevokeAccessObjectDeleted( lIndex );
+ }
+ #endif
+
 MPU_SetIndexFreeInKernelObjectPool( CONVERT_TO_INTERNAL_INDEX( lIndex ) );
 }
 }
@@ -4810,6 +4864,12 @@
 if( xInternalStreamBufferHandle != NULL )
 {
 vStreamBufferDelete( xInternalStreamBufferHandle );
+
+ #if ( ( configENABLE_ACCESS_CONTROL_LIST == 1 ) && ( configENABLE_ACL_OBJECT_DELETION_CLEANUP == 1 ) )
+ {
+ vRevokeAccessObjectDeleted( lIndex );
+ }
+ #endif
 }
 MPU_SetIndexFreeInKernelObjectPool( CONVERT_TO_INTERNAL_INDEX( lIndex ) );
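Review bot: In the hunk at `@@ -2760,6 +2800,13 @@` the revoke runs after `vQueueDelete( xInternalQueueHandle )`, whereas the task-deletion hunks revoke before the kernel delete call; the event group hunk at `@@ -4247,6 +4294,13 @@` and the stream buffer hunk at `@@ -4810,6 +4864,12 @@` use the same post-delete ordering. Between `vQueueDelete` and `MPU_SetIndexFreeInKernelObjectPool` the pool slot still maps the deleted handle and every task still holds its grant, so if the wrapper runs with the scheduler active a preempting task that goes through the wrappers with that index could reach the freed object; that window predates this commit, but the new code can narrow it by calling `vRevokeAccessObjectDeleted( lIndex );` before `vQueueDelete` rather than after, and ideally by freeing the pool slot before the delete as the task path does. The enclosing functions continue outside these hunks.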