From ac1536dc580e55d277d940ddb87b27d1f16f3ad5 Mon Sep 17 00:00:00 2001
From: C Freeman <cecille@google.com>
Date: Fri, 24 Nov 2023 10:09:22 -0500
Subject: [PATCH 1/3] Data model XML: Add ICD, regen from ToT (#30638)

---
 data_model/clusters/ContentControl.xml       |  88 ++++-----
 data_model/clusters/ICDManagement.xml        | 180 +++++++++++++++++++
 data_model/clusters/KeypadInput.xml          |   4 +-
 data_model/clusters/MediaPlayback.xml        |  14 +-
 data_model/clusters/MicrowaveOvenControl.xml |   2 +-
 data_model/clusters/PowerSourceCluster.xml   |  16 +-
 data_model/clusters/TimeSync.xml             |   2 +-
 data_model/spec_sha                          |   2 +-
 scripts/spec_xml/generate_spec_xml.py        |   3 +-
 9 files changed, 254 insertions(+), 57 deletions(-)
 create mode 100644 data_model/clusters/ICDManagement.xml

diff --git a/data_model/clusters/ContentControl.xml b/data_model/clusters/ContentControl.xml
index 3642777b46a76d..ff38faf1f10909 100644
--- a/data_model/clusters/ContentControl.xml
+++ b/data_model/clusters/ContentControl.xml
@@ -79,12 +79,12 @@ Davis, CA 95616, USA
   </features>
   <dataTypes>
     <struct name="RatingNameStruct">
-      <field id="1" name="RatingName" type="string">
+      <field id="0" name="RatingName" type="string">
         <access read="true"/>
         <mandatoryConform/>
         <constraint type="maxLength" value="8"/>
       </field>
-      <field id="2" name="RatingNameDesc" type="string">
+      <field id="1" name="RatingNameDesc" type="string">
         <access read="true"/>
         <optionalConform/>
         <constraint type="maxLength" value="64"/>
@@ -92,60 +92,66 @@ Davis, CA 95616, USA
     </struct>
   </dataTypes>
   <attributes>
-    <attribute id="0x0001" name="Enabled" type="bool">
+    <attribute id="0x0000" name="Enabled" type="bool">
       <access read="true" readPrivilege="view"/>
       <mandatoryConform/>
+      <constraint type="desc"/>
     </attribute>
-    <attribute id="0x0002" name="OnDemandRatings" type="list[RatingNameStruct Type]">
+    <attribute id="0x0001" name="OnDemandRatings" type="list[RatingNameStruct Type]">
       <access read="true" readPrivilege="view"/>
       <mandatoryConform>
         <feature name="OCR"/>
       </mandatoryConform>
+      <constraint type="desc"/>
     </attribute>
-    <attribute id="0x0003" name="OnDemandRatingThreshold" type="string">
-      <access read="true" write="true" readPrivilege="view" writePrivilege="operate"/>
+    <attribute id="0x0002" name="OnDemandRatingThreshold" type="string">
+      <access read="true" readPrivilege="view"/>
       <mandatoryConform>
         <feature name="OCR"/>
       </mandatoryConform>
       <constraint type="maxLength" value="8"/>
     </attribute>
-    <attribute id="0x0004" name="ScheduledContentRatings" type="list[RatingNameStruct Type]">
+    <attribute id="0x0003" name="ScheduledContentRatings" type="list[RatingNameStruct Type]">
       <access read="true" readPrivilege="view"/>
       <mandatoryConform>
         <feature name="SCR"/>
       </mandatoryConform>
+      <constraint type="desc"/>
     </attribute>
-    <attribute id="0x0005" name="ScheduledContentRatingThreshold" type="string">
-      <access read="true" write="true" readPrivilege="view" writePrivilege="operate"/>
+    <attribute id="0x0004" name="ScheduledContentRatingThreshold" type="string">
+      <access read="true" readPrivilege="view"/>
       <mandatoryConform>
         <feature name="SCR"/>
       </mandatoryConform>
       <constraint type="maxLength" value="8"/>
     </attribute>
-    <attribute id="0x0006" name="ScreenDailyTime" type="elapsed-s">
+    <attribute id="0x0005" name="ScreenDailyTime" type="elapsed-s">
       <access read="true" readPrivilege="view"/>
       <mandatoryConform>
         <feature name="ST"/>
       </mandatoryConform>
+      <constraint type="max" value="86400"/>
     </attribute>
-    <attribute id="0x0007" name="RemainingScreenTime" type="elapsed-s">
+    <attribute id="0x0006" name="RemainingScreenTime" type="elapsed-s">
       <access read="true" readPrivilege="view"/>
       <mandatoryConform>
         <feature name="ST"/>
       </mandatoryConform>
+      <constraint type="max" value="86400"/>
     </attribute>
-    <attribute id="0x0008" name="BlockUnrated" type="bool">
+    <attribute id="0x0007" name="BlockUnrated" type="bool">
       <access read="true" readPrivilege="view"/>
       <mandatoryConform>
         <feature name="BU"/>
       </mandatoryConform>
+      <constraint type="desc"/>
     </attribute>
   </attributes>
   <commands>
     <command id="0x00" name="UpdatePIN" response="Y">
-      <access invokePrivilege="operate" timed="true"/>
+      <access invokePrivilege="manage" timed="true"/>
       <mandatoryConform>
-        <feature name="PIN"/>
+        <feature name="PM"/>
       </mandatoryConform>
       <field id="0" name="OldPIN" type="string">
         <mandatoryConform/>
@@ -159,13 +165,13 @@ Davis, CA 95616, USA
     <command id="0x01" name="ResetPIN" response="ResetPINResponse">
       <access invokePrivilege="admin" timed="true"/>
       <mandatoryConform>
-        <feature name="PIN"/>
+        <feature name="PM"/>
       </mandatoryConform>
     </command>
     <command id="0x02" name="ResetPINResponse" direction="responseFromServer">
       <access invokePrivilege="operate"/>
       <mandatoryConform>
-        <feature name="PIN"/>
+        <feature name="PM"/>
       </mandatoryConform>
       <field id="0" name="PINCode" type="string">
         <mandatoryConform/>
@@ -173,20 +179,12 @@ Davis, CA 95616, USA
       </field>
     </command>
     <command id="0x03" name="Enable" response="Y">
-      <access invokePrivilege="operate" timed="true"/>
+      <access invokePrivilege="manage" timed="true"/>
       <mandatoryConform/>
-      <field id="0" name="PINCode" type="string">
-        <mandatoryConform/>
-        <constraint type="maxLength" value="6"/>
-      </field>
     </command>
     <command id="0x04" name="Disable" response="Y">
-      <access invokePrivilege="operate" timed="true"/>
+      <access invokePrivilege="manage" timed="true"/>
       <mandatoryConform/>
-      <field id="0" name="PINCode" type="string">
-        <mandatoryConform/>
-        <constraint type="maxLength" value="6"/>
-      </field>
     </command>
     <command id="0x05" name="AddBonusTime" response="Y">
       <access invokePrivilege="operate"/>
@@ -194,7 +192,7 @@ Davis, CA 95616, USA
         <feature name="ST"/>
       </mandatoryConform>
       <field id="0" name="PINCode" type="string">
-        <mandatoryConform/>
+        <optionalConform/>
         <constraint type="maxLength" value="6"/>
       </field>
       <field id="1" name="BonusTime" type="elapsed-s" default="300s">
@@ -202,36 +200,44 @@ Davis, CA 95616, USA
       </field>
     </command>
     <command id="0x06" name="SetScreenDailyTime" response="Y">
-      <access invokePrivilege="operate"/>
+      <access invokePrivilege="manage"/>
       <mandatoryConform>
         <feature name="ST"/>
       </mandatoryConform>
-      <field id="0" name="PINCode" type="string">
-        <mandatoryConform/>
-        <constraint type="maxLength" value="6"/>
-      </field>
-      <field id="1" name="ScreenTime" type="elapsed-s">
+      <field id="0" name="ScreenTime" type="elapsed-s">
         <mandatoryConform/>
       </field>
     </command>
     <command id="0x07" name="BlockUnratedContent" response="Y">
-      <access invokePrivilege="operate"/>
+      <access invokePrivilege="manage"/>
       <mandatoryConform>
         <feature name="BU"/>
       </mandatoryConform>
-      <field id="0" name="PINCode" type="string">
-        <mandatoryConform/>
-        <constraint type="maxLength" value="6"/>
-      </field>
     </command>
     <command id="0x08" name="UnblockUnratedContent" response="Y">
-      <access invokePrivilege="operate"/>
+      <access invokePrivilege="manage"/>
       <mandatoryConform>
         <feature name="BU"/>
       </mandatoryConform>
-      <field id="0" name="PINCode" type="string">
+    </command>
+    <command id="0x09" name="SetOnDemandRatingThreshold" response="Y">
+      <access invokePrivilege="manage"/>
+      <mandatoryConform>
+        <feature name="OCR"/>
+      </mandatoryConform>
+      <field id="0" name="Rating" type="string">
         <mandatoryConform/>
-        <constraint type="maxLength" value="6"/>
+        <constraint type="maxLength" value="8"/>
+      </field>
+    </command>
+    <command id="0x0a" name="SetScheduledContentRatingThreshold" response="Y">
+      <access invokePrivilege="manage"/>
+      <mandatoryConform>
+        <feature name="SCR"/>
+      </mandatoryConform>
+      <field id="0" name="Rating" type="string">
+        <mandatoryConform/>
+        <constraint type="maxLength" value="8"/>
       </field>
     </command>
   </commands>
diff --git a/data_model/clusters/ICDManagement.xml b/data_model/clusters/ICDManagement.xml
new file mode 100644
index 00000000000000..711b98b49b104c
--- /dev/null
+++ b/data_model/clusters/ICDManagement.xml
@@ -0,0 +1,180 @@
+<?xml version="1.0"?>
+<!--
+Copyright (C) Connectivity Standards Alliance (2021). All rights reserved.
+The information within this document is the property of the Connectivity
+Standards Alliance and its use and disclosure are restricted, except as
+expressly set forth herein.
+
+Connectivity Standards Alliance hereby grants you a fully-paid, non-exclusive,
+nontransferable, worldwide, limited and revocable license (without the right to
+sublicense), under Connectivity Standards Alliance's applicable copyright
+rights, to view, download, save, reproduce and use the document solely for your
+own internal purposes and in accordance with the terms of the license set forth
+herein. This license does not authorize you to, and you expressly warrant that
+you shall not: (a) permit others (outside your organization) to use this
+document; (b) post or publish this document; (c) modify, adapt, translate, or
+otherwise change this document in any manner or create any derivative work
+based on this document; (d) remove or modify any notice or label on this
+document, including this Copyright Notice, License and Disclaimer. The
+Connectivity Standards Alliance does not grant you any license hereunder other
+than as expressly stated herein.
+
+Elements of this document may be subject to third party intellectual property
+rights, including without limitation, patent, copyright or trademark rights,
+and any such third party may or may not be a member of the Connectivity
+Standards Alliance. Connectivity Standards Alliance members grant other
+Connectivity Standards Alliance members certain intellectual property rights as
+set forth in the Connectivity Standards Alliance IPR Policy. Connectivity
+Standards Alliance members do not grant you any rights under this license. The
+Connectivity Standards Alliance is not responsible for, and shall not be held
+responsible in any manner for, identifying or failing to identify any or all
+such third party intellectual property rights. Please visit www.csa-iot.org for
+more information on how to become a member of the Connectivity Standards
+Alliance.
+
+This document and the information contained herein are provided on an “AS IS”
+basis and the Connectivity Standards Alliance DISCLAIMS ALL WARRANTIES EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO (A) ANY WARRANTY THAT THE USE OF THE
+INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OF THIRD PARTIES (INCLUDING
+WITHOUT LIMITATION ANY INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENT, COPYRIGHT
+OR TRADEMARK RIGHTS); OR (B) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE, TITLE OR NONINFRINGEMENT. IN NO EVENT WILL THE
+CONNECTIVITY STANDARDS ALLIANCE BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF
+BUSINESS, LOSS OF USE OF DATA, INTERRUPTION OF BUSINESS, OR FOR ANY OTHER
+DIRECT, INDIRECT, SPECIAL OR EXEMPLARY, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL
+DAMAGES OF ANY KIND, IN CONTRACT OR IN TORT, IN CONNECTION WITH THIS DOCUMENT
+OR THE INFORMATION CONTAINED HEREIN, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+LOSS OR DAMAGE.
+
+All company, brand and product names in this document may be trademarks that
+are the sole property of their respective owners.
+
+This notice and disclaimer must be included on all copies of this document.
+
+Connectivity Standards Alliance
+508 Second Street, Suite 206
+Davis, CA 95616, USA
+-->
+<cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="types types.xsd cluster cluster.xsd" id="0x0046" name="ICDManagement" revision="2">
+  <revisionHistory>
+    <revision revision="1" summary="Initial Release"/>
+    <revision revision="2" summary="Addition of LIT ICD support and ActiveModeDuration"/>
+  </revisionHistory>
+  <classification hierarchy="base" role="utility" picsCode="ICDM" scope="Node"/>
+  <features>
+    <feature bit="0" code="CIP" name="CheckInProtocolSupport" summary="Device supports attributes and commands for the Check-In Protocol support.">
+      <optionalConform/>
+    </feature>
+  </features>
+  <dataTypes/>
+  <attributes>
+    <attribute id="0x0000" name="IdleModeDuration" type="uint32" default="1">
+      <access read="true" readPrivilege="view"/>
+      <quality changeOmitted="false" nullable="false" scene="false" persistence="fixed" reportable="false"/>
+      <mandatoryConform/>
+      <constraint type="between" from="1" to="64800"/>
+    </attribute>
+    <attribute id="0x0001" name="ActiveModeDuration" type="uint32" default="300">
+      <access read="true" readPrivilege="view"/>
+      <quality changeOmitted="false" nullable="false" scene="false" persistence="fixed" reportable="false"/>
+      <mandatoryConform/>
+    </attribute>
+    <attribute id="0x0002" name="ActiveModeThreshold" type="uint16" default="300">
+      <access read="true" readPrivilege="view"/>
+      <quality changeOmitted="false" nullable="false" scene="false" persistence="fixed" reportable="false"/>
+      <mandatoryConform/>
+    </attribute>
+    <attribute id="0x0003" name="RegisteredClients" type="list[MonitoringRegistrationStruct Type]" default="[]">
+      <access read="true" readPrivilege="admin"/>
+      <quality changeOmitted="false" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/>
+      <mandatoryConform>
+        <feature name="CIP"/>
+      </mandatoryConform>
+      <constraint type="desc"/>
+    </attribute>
+    <attribute id="0x0004" name="ICDCounter" type="uint32" default="0">
+      <access read="true" readPrivilege="admin"/>
+      <quality changeOmitted="true" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/>
+      <mandatoryConform>
+        <feature name="CIP"/>
+      </mandatoryConform>
+    </attribute>
+    <attribute id="0x0005" name="ClientsSupportedPerFabric" type="uint16" default="1">
+      <access read="true" readPrivilege="view"/>
+      <quality changeOmitted="false" nullable="false" scene="false" persistence="fixed" reportable="false"/>
+      <mandatoryConform>
+        <feature name="CIP"/>
+      </mandatoryConform>
+      <constraint type="min" value="1"/>
+    </attribute>
+  </attributes>
+  <commands>
+    <command id="0x00" name="RegisterClient" response="RegisterClientResponse">
+      <access invokePrivilege="manage" fabricScoped="true"/>
+      <mandatoryConform>
+        <feature name="CIP"/>
+      </mandatoryConform>
+      <field id="0" name="CheckInNodeID" type="node-id">
+        <mandatoryConform/>
+      </field>
+      <field id="1" name="MonitoredSubject" type="subject-id">
+        <mandatoryConform/>
+      </field>
+      <field id="2" name="Key" type="octets">
+        <mandatoryConform/>
+        <constraint type="maxLength" value="16"/>
+      </field>
+      <field id="3" name="VerificationKey" type="octets">
+        <optionalConform/>
+        <constraint type="maxLength" value="16"/>
+      </field>
+    </command>
+    <command id="0x01" name="RegisterClientResponse" direction="responseFromServer">
+      <access invokePrivilege="manage"/>
+      <mandatoryConform>
+        <feature name="CIP"/>
+      </mandatoryConform>
+      <field id="0" name="ICDCounter" type="uint32">
+        <mandatoryConform/>
+      </field>
+    </command>
+    <command id="0x02" name="UnregisterClient" response="Y">
+      <access invokePrivilege="manage" fabricScoped="true"/>
+      <mandatoryConform>
+        <feature name="CIP"/>
+      </mandatoryConform>
+      <field id="0" name="CheckInNodeID" type="node-id">
+        <mandatoryConform/>
+      </field>
+      <field id="1" name="VerificationKey" type="octets">
+        <optionalConform/>
+        <constraint type="maxLength" value="16"/>
+      </field>
+    </command>
+    <command id="0x03" name="StayActiveRequest" response="StayActiveResponse">
+      <access invokePrivilege="operate"/>
+      <otherwiseConform>
+        <mandatoryConform>
+          <feature name="LIT"/>
+        </mandatoryConform>
+        <optionalConform/>
+      </otherwiseConform>
+      <field id="0" name="StayActiveDuration" type="uint32" default="ActiveModeThreshold">
+        <mandatoryConform/>
+      </field>
+    </command>
+    <command id="0x04" name="StayActiveResponse" direction="responseFromServer">
+      <access invokePrivilege="operate"/>
+      <otherwiseConform>
+        <mandatoryConform>
+          <feature name="LIT"/>
+        </mandatoryConform>
+        <optionalConform/>
+      </otherwiseConform>
+      <field id="0" name="PromisedActiveDuration" type="uint32" default="ActiveModeThreshold">
+        <mandatoryConform/>
+        <constraint type="desc"/>
+      </field>
+    </command>
+  </commands>
+</cluster>
\ No newline at end of file
diff --git a/data_model/clusters/KeypadInput.xml b/data_model/clusters/KeypadInput.xml
index 30936891c6c71d..7179ae676b65fe 100644
--- a/data_model/clusters/KeypadInput.xml
+++ b/data_model/clusters/KeypadInput.xml
@@ -72,7 +72,7 @@ Davis, CA 95616, USA
     </feature>
   </features>
   <dataTypes>
-    <enum name="CECKeyCodeEnum">
+    <enum name="CecKeyCodeEnum">
       <item value="0" name="Select">
         <mandatoryConform/>
       </item>
@@ -348,7 +348,7 @@ Davis, CA 95616, USA
     <command id="0x00" name="SendKey" response="SendKeyResponse">
       <access invokePrivilege="operate"/>
       <mandatoryConform/>
-      <field id="0" name="KeyCode" type="CECKeyCodeEnum">
+      <field id="0" name="KeyCode" type="CecKeyCodeEnum">
         <mandatoryConform/>
       </field>
     </command>
diff --git a/data_model/clusters/MediaPlayback.xml b/data_model/clusters/MediaPlayback.xml
index 21001d287f6120..c53dc862808c12 100644
--- a/data_model/clusters/MediaPlayback.xml
+++ b/data_model/clusters/MediaPlayback.xml
@@ -61,10 +61,10 @@ Davis, CA 95616, USA
   </revisionHistory>
   <classification hierarchy="base" role="application" picsCode="MEDIAPLAYBACK" scope="Endpoint"/>
   <features>
-    <feature bit="0" code="AS" name="AdvancedSeek" summary="Enables clients to implement more advanced media seeking behavior in their user interface, such as for example a &quot;seek bar&quot;.">
+    <feature bit="0" code="AS" name="AdvancedSeek" summary="Advanced media seeking">
       <optionalConform/>
     </feature>
-    <feature bit="1" code="VS" name="VariableSpeed" summary="Support for commands to support variable speed playback on media that supports it.">
+    <feature bit="1" code="VS" name="VariableSpeed" summary="Variable speed playback">
       <optionalConform/>
     </feature>
   </features>
@@ -203,12 +203,22 @@ Davis, CA 95616, USA
       <mandatoryConform>
         <feature name="VS"/>
       </mandatoryConform>
+      <field id="0" name="AudioAdvanceUnmuted" type="bool" default="false">
+        <mandatoryConform>
+          <feature name="AA"/>
+        </mandatoryConform>
+      </field>
     </command>
     <command id="0x07" name="FastForward" response="PlaybackResponse">
       <access invokePrivilege="operate"/>
       <mandatoryConform>
         <feature name="VS"/>
       </mandatoryConform>
+      <field id="0" name="AudioAdvanceUnmuted" type="bool" default="false">
+        <mandatoryConform>
+          <feature name="AA"/>
+        </mandatoryConform>
+      </field>
     </command>
     <command id="0x08" name="SkipForward" response="PlaybackResponse">
       <access invokePrivilege="operate"/>
diff --git a/data_model/clusters/MicrowaveOvenControl.xml b/data_model/clusters/MicrowaveOvenControl.xml
index e97821db771a77..3f127cebd90367 100644
--- a/data_model/clusters/MicrowaveOvenControl.xml
+++ b/data_model/clusters/MicrowaveOvenControl.xml
@@ -55,7 +55,7 @@ Connectivity Standards Alliance
 508 Second Street, Suite 206
 Davis, CA 95616, USA
 -->
-<cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="types types.xsd cluster cluster.xsd" id="0x050f" name="Microwave Oven Control" revision="1">
+<cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="types types.xsd cluster cluster.xsd" id="0x005f" name="Microwave Oven Control" revision="1">
   <revisionHistory>
     <revision revision="1" summary="Initial Release"/>
   </revisionHistory>
diff --git a/data_model/clusters/PowerSourceCluster.xml b/data_model/clusters/PowerSourceCluster.xml
index f7b5da82ce20fc..27caade3c634a3 100644
--- a/data_model/clusters/PowerSourceCluster.xml
+++ b/data_model/clusters/PowerSourceCluster.xml
@@ -69,24 +69,24 @@ Davis, CA 95616, USA
       <optionalConform/>
     </feature>
     <feature bit="2" code="RECHG" name="Rechargeable" summary="A rechargeable battery power source">
-      <mandatoryConform>
+      <optionalConform>
         <feature name="BAT"/>
-      </mandatoryConform>
+      </optionalConform>
     </feature>
     <feature bit="3" code="REPLC" name="Replaceable" summary="A replaceable battery power source">
-      <mandatoryConform>
+      <optionalConform>
         <feature name="BAT"/>
-      </mandatoryConform>
+      </optionalConform>
     </feature>
     <feature bit="4" code="CHGM" name="ChargeManagement" summary="A battery with charging management">
-      <mandatoryConform>
+      <optionalConform>
         <feature name="BAT"/>
-      </mandatoryConform>
+      </optionalConform>
     </feature>
     <feature bit="5" code="DCHGM" name="DischargeManagement" summary="A battery with discharging management">
-      <mandatoryConform>
+      <optionalConform>
         <feature name="BAT"/>
-      </mandatoryConform>
+      </optionalConform>
     </feature>
   </features>
   <dataTypes>
diff --git a/data_model/clusters/TimeSync.xml b/data_model/clusters/TimeSync.xml
index c7ad7b0032aaf7..4515d44012085e 100644
--- a/data_model/clusters/TimeSync.xml
+++ b/data_model/clusters/TimeSync.xml
@@ -57,7 +57,7 @@ Connectivity Standards Alliance
 508 Second Street, Suite 206
 Davis, CA 95616, USA
 -->
-<cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="types types.xsd cluster cluster.xsd" id="0x0038" name="Time Sync" revision="2">
+<cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="types types.xsd cluster cluster.xsd" id="0x0038" name="Time Synchronization" revision="2">
   <revisionHistory>
     <revision revision="1" summary="Initial Release"/>
     <revision revision="2" summary="Make TrustedTimeSource fabric-aware, add TSC feature, define list max sizes, change writable attributes to commands, remote port, add attribute for DNS support"/>
diff --git a/data_model/spec_sha b/data_model/spec_sha
index 03c3b85baa2427..d0a25923c7c7b5 100644
--- a/data_model/spec_sha
+++ b/data_model/spec_sha
@@ -1 +1 @@
-49003c1b2337aa51dad227977981b763667d1f75
+8e4f91da4aacda4e799b9979605342a315ac7e43
diff --git a/scripts/spec_xml/generate_spec_xml.py b/scripts/spec_xml/generate_spec_xml.py
index d0b2635bcf3398..ab954f17a14fb7 100755
--- a/scripts/spec_xml/generate_spec_xml.py
+++ b/scripts/spec_xml/generate_spec_xml.py
@@ -66,7 +66,8 @@ def scrape_clusters(scraper, spec_root, output_dir, dry_run):
     media_clusters_dir = os.path.abspath(os.path.join(app_clusters_dir, 'media'))
     clusters_output_dir = os.path.abspath(os.path.join(output_dir, 'clusters'))
     dm_clusters_list = ['ACL-Cluster.adoc', 'Binding-Cluster.adoc', 'bridge-clusters.adoc',
-                        'Descriptor-Cluster.adoc', 'Group-Key-Management-Cluster.adoc', 'Label-Cluster.adoc']
+                        'Descriptor-Cluster.adoc', 'Group-Key-Management-Cluster.adoc', 'ICDManagement.adoc',
+                        'Label-Cluster.adoc']
     sdm_exclude_list = ['AdminAssistedCommissioningFlows.adoc', 'BulkDataExchange.adoc', 'CommissioningFlows.adoc',
                         'DeviceCommissioningFlows.adoc', 'DistributedComplianceLedger.adoc', 'OTAFileFormat.adoc']
     app_exclude_list = ['appliances.adoc', 'closures.adoc', 'general.adoc',

From b5dfe72508a27018af00520ac895f8e24c002385 Mon Sep 17 00:00:00 2001
From: C Freeman <cecille@google.com>
Date: Fri, 24 Nov 2023 10:50:23 -0500
Subject: [PATCH 2/3] RVC: Fix conformance (#30600)

- admin commissioning doesn't have the BCW feature, but had the
  command on - turned off command
- Identify cluster revision is now 4. It already included the
  v4 attribute, it was just the revision that was incorrect.
---
 examples/rvc-app/rvc-common/rvc-app.matter |  8 +-------
 examples/rvc-app/rvc-common/rvc-app.zap    | 10 +---------
 2 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/examples/rvc-app/rvc-common/rvc-app.matter b/examples/rvc-app/rvc-common/rvc-app.matter
index 03773df659e16b..2c565deef1c480 100644
--- a/examples/rvc-app/rvc-common/rvc-app.matter
+++ b/examples/rvc-app/rvc-common/rvc-app.matter
@@ -664,12 +664,7 @@ server cluster AdministratorCommissioning = 60 {
     octet_string<32> salt = 4;
   }
 
-  request struct OpenBasicCommissioningWindowRequest {
-    int16u commissioningTimeout = 0;
-  }
-
   timed command access(invoke: administer) OpenCommissioningWindow(OpenCommissioningWindowRequest): DefaultSuccess = 0;
-  timed command access(invoke: administer) OpenBasicCommissioningWindow(OpenBasicCommissioningWindowRequest): DefaultSuccess = 1;
   timed command access(invoke: administer) RevokeCommissioning(): DefaultSuccess = 2;
 }
 
@@ -1162,7 +1157,6 @@ endpoint 0 {
     ram      attribute clusterRevision default = 0x0001;
 
     handle command OpenCommissioningWindow;
-    handle command OpenBasicCommissioningWindow;
     handle command RevokeCommissioning;
   }
 
@@ -1218,7 +1212,7 @@ endpoint 1 {
     callback attribute eventList;
     callback attribute attributeList default = 0;
     ram      attribute featureMap default = 0;
-    ram      attribute clusterRevision default = 2;
+    ram      attribute clusterRevision default = 4;
 
     handle command Identify;
     handle command TriggerEffect;
diff --git a/examples/rvc-app/rvc-common/rvc-app.zap b/examples/rvc-app/rvc-common/rvc-app.zap
index a8453c00f44c68..e81e19248c72bb 100644
--- a/examples/rvc-app/rvc-common/rvc-app.zap
+++ b/examples/rvc-app/rvc-common/rvc-app.zap
@@ -1426,14 +1426,6 @@
               "isIncoming": 1,
               "isEnabled": 1
             },
-            {
-              "name": "OpenBasicCommissioningWindow",
-              "code": 1,
-              "mfgCode": null,
-              "source": "client",
-              "isIncoming": 1,
-              "isEnabled": 1
-            },
             {
               "name": "RevokeCommissioning",
               "code": 2,
@@ -2095,7 +2087,7 @@
               "storageOption": "RAM",
               "singleton": 0,
               "bounded": 0,
-              "defaultValue": "2",
+              "defaultValue": "4",
               "reportable": 1,
               "minInterval": 1,
               "maxInterval": 65534,

From d82ce5744c7b24af0718736ff3d6313823121bfe Mon Sep 17 00:00:00 2001
From: Pradip De <pradipd@google.com>
Date: Fri, 24 Nov 2023 12:22:18 -0800
Subject: [PATCH 3/3] Ensure that MRP logic is not executed for messages over
 other Transports (#30124)

* Ensure that MRP logic is not executed for messages over other Transports

MRP based Ack handling and retransmissions should not be performed when
messages are not sent using MRP, e.g., over TCP.
Install guards on Send/Receive paths to steer traffic to bypass MRP
logic when going over TCP.

* Rename IsTransportTCP() to AllowsLargePayload()
---
 src/messaging/ExchangeContext.cpp           | 84 +++++++++++----------
 src/messaging/ExchangeMessageDispatch.cpp   | 78 +++++++++++--------
 src/messaging/ExchangeMessageDispatch.h     |  4 +
 src/messaging/ExchangeMgr.cpp               |  6 +-
 src/transport/GroupSession.h                |  6 +-
 src/transport/SecureSession.h               |  4 +-
 src/transport/Session.h                     |  3 +-
 src/transport/UnauthenticatedSessionTable.h |  4 +-
 8 files changed, 112 insertions(+), 77 deletions(-)

diff --git a/src/messaging/ExchangeContext.cpp b/src/messaging/ExchangeContext.cpp
index c9d912daf88091..31d579e660502c 100644
--- a/src/messaging/ExchangeContext.cpp
+++ b/src/messaging/ExchangeContext.cpp
@@ -113,7 +113,7 @@ CHIP_ERROR ExchangeContext::SendMessage(Protocols::Id protocolId, uint8_t msgTyp
     // If session requires MRP, NoAutoRequestAck send flag is not specified and is not a group exchange context, request reliable
     // transmission.
     bool reliableTransmissionRequested =
-        GetSessionHandle()->RequireMRP() && !sendFlags.Has(SendMessageFlags::kNoAutoRequestAck) && !IsGroupExchangeContext();
+        GetSessionHandle()->AllowsMRP() && !sendFlags.Has(SendMessageFlags::kNoAutoRequestAck) && !IsGroupExchangeContext();
 
     bool currentMessageExpectResponse = false;
     // If a response message is expected...
@@ -322,8 +322,8 @@ ExchangeContext::ExchangeContext(ExchangeManager * em, uint16_t ExchangeId, cons
 
     SetAckPending(false);
 
-    // Do not request Ack for multicast
-    SetAutoRequestAck(!session->IsGroupSession());
+    // Try to use MRP by default, if it is allowed.
+    SetAutoRequestAck(session->AllowsMRP());
 
 #if CHIP_CONFIG_ENABLE_ICD_SERVER
     app::ICDNotifier::GetInstance().BroadcastActiveRequestNotification(app::ICDListener::KeepActiveFlag::kExchangeContextOpen);
@@ -531,34 +531,37 @@ CHIP_ERROR ExchangeContext::HandleMessage(uint32_t messageCounter, const Payload
         MessageHandled();
     });
 
-    if (mDispatch.IsReliableTransmissionAllowed() && !IsGroupExchangeContext())
+    if (mSession->AllowsMRP())
     {
-        if (!msgFlags.Has(MessageFlagValues::kDuplicateMessage) && payloadHeader.IsAckMsg() &&
-            payloadHeader.GetAckMessageCounter().HasValue())
+        if (mDispatch.IsReliableTransmissionAllowed())
         {
-            HandleRcvdAck(payloadHeader.GetAckMessageCounter().Value());
+            if (!msgFlags.Has(MessageFlagValues::kDuplicateMessage) && payloadHeader.IsAckMsg() &&
+                payloadHeader.GetAckMessageCounter().HasValue())
+            {
+                HandleRcvdAck(payloadHeader.GetAckMessageCounter().Value());
+            }
+
+            if (payloadHeader.NeedsAck())
+            {
+                // An acknowledgment needs to be sent back to the peer for this message on this exchange,
+                HandleNeedsAck(messageCounter, msgFlags);
+            }
         }
 
-        if (payloadHeader.NeedsAck())
+        if (IsAckPending() && !mDelegate)
         {
-            // An acknowledgment needs to be sent back to the peer for this message on this exchange,
-            HandleNeedsAck(messageCounter, msgFlags);
+            // The incoming message wants an ack, but we have no delegate, so
+            // there's not going to be a response to piggyback on.  Just flush the
+            // ack out right now.
+            ReturnErrorOnFailure(FlushAcks());
         }
-    }
 
-    if (IsAckPending() && !mDelegate)
-    {
-        // The incoming message wants an ack, but we have no delegate, so
-        // there's not going to be a response to piggyback on.  Just flush the
-        // ack out right now.
-        ReturnErrorOnFailure(FlushAcks());
-    }
-
-    // The SecureChannel::StandaloneAck message type is only used for MRP; do not pass such messages to the application layer.
-    if (isStandaloneAck)
-    {
-        return CHIP_NO_ERROR;
-    }
+        // The SecureChannel::StandaloneAck message type is only used for MRP; do not pass such messages to the application layer.
+        if (isStandaloneAck)
+        {
+            return CHIP_NO_ERROR;
+        }
+    } // AllowsMRP
 
     // Since the message is duplicate, let's not forward it up the stack
     if (isDuplicate)
@@ -566,23 +569,26 @@ CHIP_ERROR ExchangeContext::HandleMessage(uint32_t messageCounter, const Payload
         return CHIP_NO_ERROR;
     }
 
-    if (IsEphemeralExchange())
+    if (mSession->AllowsMRP())
     {
-        // The EphemeralExchange has done its job, since StandaloneAck is sent in previous FlushAcks() call.
-        return CHIP_NO_ERROR;
-    }
+        if (IsEphemeralExchange())
+        {
+            // The EphemeralExchange has done its job, since StandaloneAck is sent in previous FlushAcks() call.
+            return CHIP_NO_ERROR;
+        }
 
-    if (IsWaitingForAck())
-    {
-        // The only way we can get here is a spec violation on the other side:
-        // we sent a message that needs an ack, and the other side responded
-        // with a message that does not contain an ack for the message we sent.
-        // Just drop this message; if we delivered it to our delegate it might
-        // try to send another message-needing-an-ack in response, which would
-        // violate our internal invariants.
-        ChipLogError(ExchangeManager, "Dropping message without piggyback ack when we are waiting for an ack.");
-        return CHIP_ERROR_INCORRECT_STATE;
-    }
+        if (IsWaitingForAck())
+        {
+            // The only way we can get here is a spec violation on the other side:
+            // we sent a message that needs an ack, and the other side responded
+            // with a message that does not contain an ack for the message we sent.
+            // Just drop this message; if we delivered it to our delegate it might
+            // try to send another message-needing-an-ack in response, which would
+            // violate our internal invariants.
+            ChipLogError(ExchangeManager, "Dropping message without piggyback ack when we are waiting for an ack.");
+            return CHIP_ERROR_INCORRECT_STATE;
+        }
+    } // AllowsMRP
 
 #if CHIP_CONFIG_ENABLE_ICD_SERVER
     // message received
diff --git a/src/messaging/ExchangeMessageDispatch.cpp b/src/messaging/ExchangeMessageDispatch.cpp
index 1ffbfe3657c6cd..950be48ae5802a 100644
--- a/src/messaging/ExchangeMessageDispatch.cpp
+++ b/src/messaging/ExchangeMessageDispatch.cpp
@@ -51,45 +51,61 @@ CHIP_ERROR ExchangeMessageDispatch::SendMessage(SessionManager * sessionManager,
     PayloadHeader payloadHeader;
     payloadHeader.SetExchangeID(exchangeId).SetMessageType(protocol, type).SetInitiator(isInitiator);
 
-    // If there is a pending acknowledgment piggyback it on this message.
-    if (reliableMessageContext->HasPiggybackAckPending())
+    if (session->AllowsMRP())
     {
-        payloadHeader.SetAckMessageCounter(reliableMessageContext->TakePendingPeerAckMessageCounter());
-    }
-
-    if (IsReliableTransmissionAllowed() && reliableMessageContext->AutoRequestAck() &&
-        reliableMessageContext->GetReliableMessageMgr() != nullptr && isReliableTransmission)
-    {
-        auto * reliableMessageMgr = reliableMessageContext->GetReliableMessageMgr();
-
-        payloadHeader.SetNeedsAck(true);
-
-        ReliableMessageMgr::RetransTableEntry * entry = nullptr;
-
-        // Add to Table for subsequent sending
-        ReturnErrorOnFailure(reliableMessageMgr->AddToRetransTable(reliableMessageContext, &entry));
-        auto deleter = [reliableMessageMgr](ReliableMessageMgr::RetransTableEntry * e) {
-            reliableMessageMgr->ClearRetransTable(*e);
-        };
-        std::unique_ptr<ReliableMessageMgr::RetransTableEntry, decltype(deleter)> entryOwner(entry, deleter);
-
-        ReturnErrorOnFailure(sessionManager->PrepareMessage(session, payloadHeader, std::move(message), entryOwner->retainedBuf));
-        CHIP_ERROR err = sessionManager->SendPreparedMessage(session, entryOwner->retainedBuf);
-        err            = ReliableMessageMgr::MapSendError(err, exchangeId, isInitiator);
-        ReturnErrorOnFailure(err);
-        reliableMessageMgr->StartRetransmision(entryOwner.release());
+        // If there is a pending acknowledgment piggyback it on this message.
+        if (reliableMessageContext->HasPiggybackAckPending())
+        {
+            payloadHeader.SetAckMessageCounter(reliableMessageContext->TakePendingPeerAckMessageCounter());
+        }
+
+        if (IsReliableTransmissionAllowed() && reliableMessageContext->AutoRequestAck() &&
+            reliableMessageContext->GetReliableMessageMgr() != nullptr && isReliableTransmission)
+        {
+            auto * reliableMessageMgr = reliableMessageContext->GetReliableMessageMgr();
+
+            payloadHeader.SetNeedsAck(true);
+
+            ReliableMessageMgr::RetransTableEntry * entry = nullptr;
+
+            // Add to Table for subsequent sending
+            ReturnErrorOnFailure(reliableMessageMgr->AddToRetransTable(reliableMessageContext, &entry));
+            auto deleter = [reliableMessageMgr](ReliableMessageMgr::RetransTableEntry * e) {
+                reliableMessageMgr->ClearRetransTable(*e);
+            };
+            std::unique_ptr<ReliableMessageMgr::RetransTableEntry, decltype(deleter)> entryOwner(entry, deleter);
+
+            ReturnErrorOnFailure(
+                sessionManager->PrepareMessage(session, payloadHeader, std::move(message), entryOwner->retainedBuf));
+            CHIP_ERROR err = sessionManager->SendPreparedMessage(session, entryOwner->retainedBuf);
+            err            = ReliableMessageMgr::MapSendError(err, exchangeId, isInitiator);
+            ReturnErrorOnFailure(err);
+            reliableMessageMgr->StartRetransmision(entryOwner.release());
+        }
+        else
+        {
+            ReturnErrorOnFailure(PrepareAndSendNonMRPMessage(sessionManager, session, payloadHeader, std::move(message)));
+        }
     }
     else
     {
-        // If the channel itself is providing reliability, let's not request MRP acks
-        payloadHeader.SetNeedsAck(false);
-        EncryptedPacketBufferHandle preparedMessage;
-        ReturnErrorOnFailure(sessionManager->PrepareMessage(session, payloadHeader, std::move(message), preparedMessage));
-        ReturnErrorOnFailure(sessionManager->SendPreparedMessage(session, preparedMessage));
+        ReturnErrorOnFailure(PrepareAndSendNonMRPMessage(sessionManager, session, payloadHeader, std::move(message)));
     }
 
     return CHIP_NO_ERROR;
 }
 
+CHIP_ERROR ExchangeMessageDispatch::PrepareAndSendNonMRPMessage(SessionManager * sessionManager, const SessionHandle & session,
+                                                                PayloadHeader & payloadHeader,
+                                                                System::PacketBufferHandle && message)
+{
+    payloadHeader.SetNeedsAck(false);
+    EncryptedPacketBufferHandle preparedMessage;
+    ReturnErrorOnFailure(sessionManager->PrepareMessage(session, payloadHeader, std::move(message), preparedMessage));
+    ReturnErrorOnFailure(sessionManager->SendPreparedMessage(session, preparedMessage));
+
+    return CHIP_NO_ERROR;
+}
+
 } // namespace Messaging
 } // namespace chip
diff --git a/src/messaging/ExchangeMessageDispatch.h b/src/messaging/ExchangeMessageDispatch.h
index 35f12e06e80d36..8585ebd422fc5f 100644
--- a/src/messaging/ExchangeMessageDispatch.h
+++ b/src/messaging/ExchangeMessageDispatch.h
@@ -48,6 +48,10 @@ class ExchangeMessageDispatch
 
     // TODO: remove IsReliableTransmissionAllowed, this function should be provided over session.
     virtual bool IsReliableTransmissionAllowed() const { return true; }
+
+private:
+    CHIP_ERROR PrepareAndSendNonMRPMessage(SessionManager * sessionManager, const SessionHandle & session,
+                                           PayloadHeader & payloadHeader, System::PacketBufferHandle && message);
 };
 
 } // namespace Messaging
diff --git a/src/messaging/ExchangeMgr.cpp b/src/messaging/ExchangeMgr.cpp
index dddc9c6fd4ce8f..2ca22031094bb7 100644
--- a/src/messaging/ExchangeMgr.cpp
+++ b/src/messaging/ExchangeMgr.cpp
@@ -372,8 +372,10 @@ void ExchangeManager::SendStandaloneAckIfNeeded(const PacketHeader & packetHeade
                                                 const SessionHandle & session, MessageFlags msgFlags,
                                                 System::PacketBufferHandle && msgBuf)
 {
-    // If we need to send a StandaloneAck, create a EphemeralExchange for the purpose to send the StandaloneAck
-    if (!payloadHeader.NeedsAck())
+
+    // If using the MRP protocol and we need to send a StandaloneAck, create an EphemeralExchange to send
+    // the StandaloneAck.
+    if (!session->AllowsMRP() || !payloadHeader.NeedsAck())
         return;
 
     // If rcvd msg is from initiator then this exchange is created as not Initiator.
diff --git a/src/transport/GroupSession.h b/src/transport/GroupSession.h
index 608bc78891b0e0..f20ff069ab029f 100644
--- a/src/transport/GroupSession.h
+++ b/src/transport/GroupSession.h
@@ -57,7 +57,8 @@ class IncomingGroupSession : public Session, public ReferenceCounted<IncomingGro
         return subjectDescriptor;
     }
 
-    bool RequireMRP() const override { return false; }
+    bool AllowsMRP() const override { return false; }
+    bool AllowsLargePayload() const override { return false; }
 
     const SessionParameters & GetRemoteSessionParameters() const override
     {
@@ -108,7 +109,8 @@ class OutgoingGroupSession : public Session, public ReferenceCounted<OutgoingGro
         return Access::SubjectDescriptor(); // no subject exists for outgoing group session.
     }
 
-    bool RequireMRP() const override { return false; }
+    bool AllowsMRP() const override { return false; }
+    bool AllowsLargePayload() const override { return false; }
 
     const SessionParameters & GetRemoteSessionParameters() const override
     {
diff --git a/src/transport/SecureSession.h b/src/transport/SecureSession.h
index 9d4378a096b028..b18cc05b4ce716 100644
--- a/src/transport/SecureSession.h
+++ b/src/transport/SecureSession.h
@@ -156,7 +156,9 @@ class SecureSession : public Session, public ReferenceCounted<SecureSession, Sec
 
     Access::SubjectDescriptor GetSubjectDescriptor() const override;
 
-    bool RequireMRP() const override { return GetPeerAddress().GetTransportType() == Transport::Type::kUdp; }
+    bool AllowsMRP() const override { return GetPeerAddress().GetTransportType() == Transport::Type::kUdp; }
+
+    bool AllowsLargePayload() const override { return GetPeerAddress().GetTransportType() == Transport::Type::kTcp; }
 
     System::Clock::Milliseconds32 GetAckTimeout() const override
     {
diff --git a/src/transport/Session.h b/src/transport/Session.h
index b93672d75a7a81..f211a610386bf2 100644
--- a/src/transport/Session.h
+++ b/src/transport/Session.h
@@ -195,7 +195,8 @@ class Session
     virtual ScopedNodeId GetPeer() const                                 = 0;
     virtual ScopedNodeId GetLocalScopedNodeId() const                    = 0;
     virtual Access::SubjectDescriptor GetSubjectDescriptor() const       = 0;
-    virtual bool RequireMRP() const                                      = 0;
+    virtual bool AllowsMRP() const                                       = 0;
+    virtual bool AllowsLargePayload() const                              = 0;
     virtual const SessionParameters & GetRemoteSessionParameters() const = 0;
     virtual System::Clock::Timestamp GetMRPBaseTimeout() const           = 0;
     virtual System::Clock::Milliseconds32 GetAckTimeout() const          = 0;
diff --git a/src/transport/UnauthenticatedSessionTable.h b/src/transport/UnauthenticatedSessionTable.h
index 9b6d3e30e4f9fb..48e2025d10a487 100644
--- a/src/transport/UnauthenticatedSessionTable.h
+++ b/src/transport/UnauthenticatedSessionTable.h
@@ -83,7 +83,9 @@ class UnauthenticatedSession : public Session, public ReferenceCounted<Unauthent
         return Access::SubjectDescriptor(); // return an empty ISD for unauthenticated session.
     }
 
-    bool RequireMRP() const override { return GetPeerAddress().GetTransportType() == Transport::Type::kUdp; }
+    bool AllowsMRP() const override { return GetPeerAddress().GetTransportType() == Transport::Type::kUdp; }
+
+    bool AllowsLargePayload() const override { return GetPeerAddress().GetTransportType() == Transport::Type::kTcp; }
 
     System::Clock::Milliseconds32 GetAckTimeout() const override
     {