Allow rule and Deny rule not checked in create_topic? #4336

Open
1 task done
mirusu400 opened this issue Jan 30, 2024 · 0 comments
Labels
triage Issue pending classification


mirusu400 commented Jan 30, 2024

Is there an already existing issue for this?

  • I have searched the existing issues

Expected behavior

When we add a topic to a deny_rule using governance.xml and permissions.xml, we should not be able to create that topic with the DomainParticipant::create_topic function.

Current behavior

When we add a topic to a deny_rule using governance.xml and permissions.xml, DomainParticipant::create_topic still works even though the topic is in the deny_rule.

static bool check_rule(
        const char* topic_name,
        const Rule& rule,
        const std::vector<std::string>& partitions,
        const std::vector<Criteria>& criterias,
        SecurityException& exception)
{
    bool returned_value = false;
    if (rule.allow)

The check_rule function, which checks the rules for topics, only runs in these functions: Permissions::check_create_datawriter, Permissions::check_create_datareader, Permissions::check_remote_datawriter, Permissions::check_remote_datareader, but not for topics.

Steps to reproduce

FastDDS-api-poc.zip

  1. Unzip the given PoC file.
     mkdir build
     cd build
     cmake ..
     make
     ./main

We cannot make the topic, but the PoC publisher successfully makes the topic and runs 10 samples.

Fast DDS version/commit

  • FastCDR commit 3c6195aefd11d46395caf7d8b29019b5ef5aaefd (HEAD -> master, origin/master, origin/HEAD, origin/2.1.x)
  • FastDDS commit e94c4b1 (HEAD -> 2.13.1, tag: v2.13.1, origin/2.13.1)
  • clang 11

Platform/Architecture

Other. Please specify in Additional context section.

Transport layer

UDPv4

Additional context

We should check rules when creating a topic.

Relevant sections of DDS Security v1.1 include:
8.4.2.9.6 Operation: check_create_topic
8.8.5 AccessControl behavior with local domain entity creation
9.4.3 DDS:Access:Permissions plugin behavior

XML configuration file

No response

Relevant log output

No response

Network traffic capture

No response
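The gap described in this issue, as an added example that is not part of the original report and is not Fast DDS code: a simplified model in which a hypothetical `check_create_topic` evaluates the grant's rules at topic creation, next to a creation path that consults no rule. The types `Rule` and `Grant`, all function names, and the sample topic names are assumptions; domain, partition and publish/subscribe criteria are left out, and the model assumes the first matching rule decides.

```cpp
// Added illustration: a simplified model, not Fast DDS source code.
#include <fnmatch.h>   // POSIX pattern matching for topic expressions
#include <string>
#include <vector>

enum class Action { Allow, Deny };

struct Rule {                          // one <allow_rule> or <deny_rule>
    Action action;
    std::vector<std::string> topics;   // topic expressions, e.g. "Secret*"
};

struct Grant {
    std::vector<Rule> rules;           // kept in document order
    Action default_action;             // the grant's <default>
};

static bool rule_matches(const Rule& rule, const std::string& topic)
{
    for (const std::string& expr : rule.topics)
        if (fnmatch(expr.c_str(), topic.c_str(), 0) == 0)
            return true;
    return false;
}

// Hypothetical topic-creation check: the first matching rule decides,
// otherwise the grant's default applies.
bool check_create_topic(const Grant& grant, const std::string& topic)
{
    for (const Rule& rule : grant.rules)
        if (rule_matches(rule, topic))
            return rule.action == Action::Allow;
    return grant.default_action == Action::Allow;
}

// Models the reported behaviour: the creation path consults no rule.
bool create_topic_unchecked(const Grant&, const std::string&)
{
    return true;
}

// Constructed sample grant: deny "Secret*", allow "HelloWorld*", default deny.
Grant sample_grant()
{
    return Grant{{{Action::Deny, {"Secret*"}}, {Action::Allow, {"HelloWorld*"}}},
                 Action::Deny};
}
```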

@mirusu400 mirusu400 added the triage Issue pending classification label Jan 30, 2024