Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ARL feature to access control cluster and regen #34535

Merged
merged 8 commits into from
Jul 30, 2024
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ cluster Descriptor = 29 {
and enforce Access Control for the Node's endpoints and their associated
cluster instances. */
cluster AccessControl = 31 {
revision 1; // NOTE: Default/not specifically set
revision 2;

enum AccessControlEntryAuthModeEnum : enum8 {
kPASE = 1;
Expand All @@ -105,12 +105,41 @@ cluster AccessControl = 31 {
kAdminister = 5;
}

enum AccessRestrictionTypeEnum : enum8 {
kAttributeAccessForbidden = 0;
kAttributeWriteForbidden = 1;
kCommandForbidden = 2;
kEventForbidden = 3;
}

enum ChangeTypeEnum : enum8 {
kChanged = 0;
kAdded = 1;
kRemoved = 2;
}

bitmap Feature : bitmap32 {
kManagedDevice = 0x1;
}

struct AccessRestrictionStruct {
AccessRestrictionTypeEnum type = 0;
nullable int32u id = 1;
}

struct CommissioningAccessRestrictionEntryStruct {
endpoint_no endpoint = 0;
cluster_id cluster = 1;
AccessRestrictionStruct restrictions[] = 2;
}

fabric_scoped struct AccessRestrictionEntryStruct {
fabric_sensitive endpoint_no endpoint = 0;
fabric_sensitive cluster_id cluster = 1;
fabric_sensitive AccessRestrictionStruct restrictions[] = 2;
fabric_idx fabricIndex = 254;
}

struct AccessControlTargetStruct {
nullable cluster_id cluster = 0;
nullable endpoint_no endpoint = 1;
Expand Down Expand Up @@ -146,17 +175,41 @@ cluster AccessControl = 31 {
fabric_idx fabricIndex = 254;
}

fabric_sensitive info event access(read: administer) AccessRestrictionEntryChanged = 2 {
fabric_idx fabricIndex = 254;
}

fabric_sensitive info event access(read: administer) FabricRestrictionReviewUpdate = 3 {
int64u token = 0;
nullable char_string instruction = 1;
nullable char_string redirectURL = 2;
fabric_idx fabricIndex = 254;
}

attribute access(read: administer, write: administer) AccessControlEntryStruct acl[] = 0;
attribute access(read: administer, write: administer) optional AccessControlExtensionStruct extension[] = 1;
readonly attribute int16u subjectsPerAccessControlEntry = 2;
readonly attribute int16u targetsPerAccessControlEntry = 3;
readonly attribute int16u accessControlEntriesPerFabric = 4;
readonly attribute optional CommissioningAccessRestrictionEntryStruct commissioningARL[] = 5;
andy31415 marked this conversation as resolved.
Show resolved Hide resolved
readonly attribute optional AccessRestrictionEntryStruct arl[] = 6;
readonly attribute command_id generatedCommandList[] = 65528;
readonly attribute command_id acceptedCommandList[] = 65529;
readonly attribute event_id eventList[] = 65530;
readonly attribute attrib_id attributeList[] = 65531;
readonly attribute bitmap32 featureMap = 65532;
readonly attribute int16u clusterRevision = 65533;

request struct ReviewFabricRestrictionsRequest {
optional CommissioningAccessRestrictionEntryStruct arl[] = 0;
}

response struct ReviewFabricRestrictionsResponse = 1 {
andy31415 marked this conversation as resolved.
Show resolved Hide resolved
int64u token = 0;
}

/** This command signals to the service associated with the device maker that the fabric administrator would like a review of the current fabric restrictions. */
command access(invoke: administer) ReviewFabricRestrictions(ReviewFabricRestrictionsRequest): ReviewFabricRestrictionsResponse = 0;
}

/** This cluster provides attributes and events for determining basic information about Nodes, which supports both
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ cluster Descriptor = 29 {
and enforce Access Control for the Node's endpoints and their associated
cluster instances. */
cluster AccessControl = 31 {
revision 1; // NOTE: Default/not specifically set
revision 2;

enum AccessControlEntryAuthModeEnum : enum8 {
kPASE = 1;
Expand All @@ -105,12 +105,41 @@ cluster AccessControl = 31 {
kAdminister = 5;
}

enum AccessRestrictionTypeEnum : enum8 {
kAttributeAccessForbidden = 0;
kAttributeWriteForbidden = 1;
kCommandForbidden = 2;
kEventForbidden = 3;
}

enum ChangeTypeEnum : enum8 {
kChanged = 0;
kAdded = 1;
kRemoved = 2;
}

bitmap Feature : bitmap32 {
kManagedDevice = 0x1;
}

struct AccessRestrictionStruct {
AccessRestrictionTypeEnum type = 0;
nullable int32u id = 1;
}

struct CommissioningAccessRestrictionEntryStruct {
endpoint_no endpoint = 0;
cluster_id cluster = 1;
AccessRestrictionStruct restrictions[] = 2;
}

fabric_scoped struct AccessRestrictionEntryStruct {
fabric_sensitive endpoint_no endpoint = 0;
fabric_sensitive cluster_id cluster = 1;
fabric_sensitive AccessRestrictionStruct restrictions[] = 2;
fabric_idx fabricIndex = 254;
}

struct AccessControlTargetStruct {
nullable cluster_id cluster = 0;
nullable endpoint_no endpoint = 1;
Expand Down Expand Up @@ -146,17 +175,41 @@ cluster AccessControl = 31 {
fabric_idx fabricIndex = 254;
}

fabric_sensitive info event access(read: administer) AccessRestrictionEntryChanged = 2 {
fabric_idx fabricIndex = 254;
}

fabric_sensitive info event access(read: administer) FabricRestrictionReviewUpdate = 3 {
int64u token = 0;
nullable char_string instruction = 1;
nullable char_string redirectURL = 2;
fabric_idx fabricIndex = 254;
}

attribute access(read: administer, write: administer) AccessControlEntryStruct acl[] = 0;
attribute access(read: administer, write: administer) optional AccessControlExtensionStruct extension[] = 1;
readonly attribute int16u subjectsPerAccessControlEntry = 2;
readonly attribute int16u targetsPerAccessControlEntry = 3;
readonly attribute int16u accessControlEntriesPerFabric = 4;
readonly attribute optional CommissioningAccessRestrictionEntryStruct commissioningARL[] = 5;
readonly attribute optional AccessRestrictionEntryStruct arl[] = 6;
readonly attribute command_id generatedCommandList[] = 65528;
readonly attribute command_id acceptedCommandList[] = 65529;
readonly attribute event_id eventList[] = 65530;
readonly attribute attrib_id attributeList[] = 65531;
readonly attribute bitmap32 featureMap = 65532;
readonly attribute int16u clusterRevision = 65533;

request struct ReviewFabricRestrictionsRequest {
optional CommissioningAccessRestrictionEntryStruct arl[] = 0;
}

response struct ReviewFabricRestrictionsResponse = 1 {
int64u token = 0;
}

/** This command signals to the service associated with the device maker that the fabric administrator would like a review of the current fabric restrictions. */
command access(invoke: administer) ReviewFabricRestrictions(ReviewFabricRestrictionsRequest): ReviewFabricRestrictionsResponse = 0;
}

/** This cluster provides attributes and events for determining basic information about Nodes, which supports both
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -491,7 +491,7 @@ cluster Binding = 30 {
and enforce Access Control for the Node's endpoints and their associated
cluster instances. */
cluster AccessControl = 31 {
revision 1; // NOTE: Default/not specifically set
revision 2;

enum AccessControlEntryAuthModeEnum : enum8 {
kPASE = 1;
Expand All @@ -507,12 +507,41 @@ cluster AccessControl = 31 {
kAdminister = 5;
}

enum AccessRestrictionTypeEnum : enum8 {
kAttributeAccessForbidden = 0;
kAttributeWriteForbidden = 1;
kCommandForbidden = 2;
kEventForbidden = 3;
}

enum ChangeTypeEnum : enum8 {
kChanged = 0;
kAdded = 1;
kRemoved = 2;
}

bitmap Feature : bitmap32 {
kManagedDevice = 0x1;
}

struct AccessRestrictionStruct {
AccessRestrictionTypeEnum type = 0;
nullable int32u id = 1;
}

struct CommissioningAccessRestrictionEntryStruct {
endpoint_no endpoint = 0;
cluster_id cluster = 1;
AccessRestrictionStruct restrictions[] = 2;
}

fabric_scoped struct AccessRestrictionEntryStruct {
fabric_sensitive endpoint_no endpoint = 0;
fabric_sensitive cluster_id cluster = 1;
fabric_sensitive AccessRestrictionStruct restrictions[] = 2;
fabric_idx fabricIndex = 254;
}

struct AccessControlTargetStruct {
nullable cluster_id cluster = 0;
nullable endpoint_no endpoint = 1;
Expand Down Expand Up @@ -548,17 +577,41 @@ cluster AccessControl = 31 {
fabric_idx fabricIndex = 254;
}

fabric_sensitive info event access(read: administer) AccessRestrictionEntryChanged = 2 {
fabric_idx fabricIndex = 254;
}

fabric_sensitive info event access(read: administer) FabricRestrictionReviewUpdate = 3 {
int64u token = 0;
nullable char_string instruction = 1;
nullable char_string redirectURL = 2;
fabric_idx fabricIndex = 254;
}

attribute access(read: administer, write: administer) AccessControlEntryStruct acl[] = 0;
attribute access(read: administer, write: administer) optional AccessControlExtensionStruct extension[] = 1;
readonly attribute int16u subjectsPerAccessControlEntry = 2;
readonly attribute int16u targetsPerAccessControlEntry = 3;
readonly attribute int16u accessControlEntriesPerFabric = 4;
readonly attribute optional CommissioningAccessRestrictionEntryStruct commissioningARL[] = 5;
readonly attribute optional AccessRestrictionEntryStruct arl[] = 6;
readonly attribute command_id generatedCommandList[] = 65528;
readonly attribute command_id acceptedCommandList[] = 65529;
readonly attribute event_id eventList[] = 65530;
readonly attribute attrib_id attributeList[] = 65531;
readonly attribute bitmap32 featureMap = 65532;
readonly attribute int16u clusterRevision = 65533;

request struct ReviewFabricRestrictionsRequest {
optional CommissioningAccessRestrictionEntryStruct arl[] = 0;
}

response struct ReviewFabricRestrictionsResponse = 1 {
int64u token = 0;
}

/** This command signals to the service associated with the device maker that the fabric administrator would like a review of the current fabric restrictions. */
command access(invoke: administer) ReviewFabricRestrictions(ReviewFabricRestrictionsRequest): ReviewFabricRestrictionsResponse = 0;
}

/** This cluster provides a standardized way for a Node (typically a Bridge, but could be any Node) to expose action information. */
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -384,7 +384,7 @@ cluster Binding = 30 {
and enforce Access Control for the Node's endpoints and their associated
cluster instances. */
cluster AccessControl = 31 {
revision 1; // NOTE: Default/not specifically set
revision 2;

enum AccessControlEntryAuthModeEnum : enum8 {
kPASE = 1;
Expand All @@ -400,12 +400,41 @@ cluster AccessControl = 31 {
kAdminister = 5;
}

enum AccessRestrictionTypeEnum : enum8 {
kAttributeAccessForbidden = 0;
kAttributeWriteForbidden = 1;
kCommandForbidden = 2;
kEventForbidden = 3;
}

enum ChangeTypeEnum : enum8 {
kChanged = 0;
kAdded = 1;
kRemoved = 2;
}

bitmap Feature : bitmap32 {
kManagedDevice = 0x1;
}

struct AccessRestrictionStruct {
AccessRestrictionTypeEnum type = 0;
nullable int32u id = 1;
}

struct CommissioningAccessRestrictionEntryStruct {
endpoint_no endpoint = 0;
cluster_id cluster = 1;
AccessRestrictionStruct restrictions[] = 2;
}

fabric_scoped struct AccessRestrictionEntryStruct {
fabric_sensitive endpoint_no endpoint = 0;
fabric_sensitive cluster_id cluster = 1;
fabric_sensitive AccessRestrictionStruct restrictions[] = 2;
fabric_idx fabricIndex = 254;
}

struct AccessControlTargetStruct {
nullable cluster_id cluster = 0;
nullable endpoint_no endpoint = 1;
Expand Down Expand Up @@ -441,17 +470,41 @@ cluster AccessControl = 31 {
fabric_idx fabricIndex = 254;
}

fabric_sensitive info event access(read: administer) AccessRestrictionEntryChanged = 2 {
fabric_idx fabricIndex = 254;
}

fabric_sensitive info event access(read: administer) FabricRestrictionReviewUpdate = 3 {
int64u token = 0;
nullable char_string instruction = 1;
nullable char_string redirectURL = 2;
fabric_idx fabricIndex = 254;
}

attribute access(read: administer, write: administer) AccessControlEntryStruct acl[] = 0;
attribute access(read: administer, write: administer) optional AccessControlExtensionStruct extension[] = 1;
readonly attribute int16u subjectsPerAccessControlEntry = 2;
readonly attribute int16u targetsPerAccessControlEntry = 3;
readonly attribute int16u accessControlEntriesPerFabric = 4;
readonly attribute optional CommissioningAccessRestrictionEntryStruct commissioningARL[] = 5;
readonly attribute optional AccessRestrictionEntryStruct arl[] = 6;
readonly attribute command_id generatedCommandList[] = 65528;
readonly attribute command_id acceptedCommandList[] = 65529;
readonly attribute event_id eventList[] = 65530;
readonly attribute attrib_id attributeList[] = 65531;
readonly attribute bitmap32 featureMap = 65532;
readonly attribute int16u clusterRevision = 65533;

request struct ReviewFabricRestrictionsRequest {
optional CommissioningAccessRestrictionEntryStruct arl[] = 0;
}

response struct ReviewFabricRestrictionsResponse = 1 {
int64u token = 0;
}

/** This command signals to the service associated with the device maker that the fabric administrator would like a review of the current fabric restrictions. */
command access(invoke: administer) ReviewFabricRestrictions(ReviewFabricRestrictionsRequest): ReviewFabricRestrictionsResponse = 0;
}

/** This cluster provides a standardized way for a Node (typically a Bridge, but could be any Node) to expose action information. */
Expand Down
Loading
Loading