From 8c124604bc901b3ffd66d28a5ad3e3186d2d7b3a Mon Sep 17 00:00:00 2001
From: Marc Lepage <mlepage@google.com>
Date: Thu, 25 Nov 2021 12:31:08 -0500
Subject: [PATCH] Add access control cluster xml Issue #11204
---
.../zcl/data-model/chip/ACL-cluster.xml | 38 ----------
.../chip/access-control-cluster.xml | 73 +++++++++++++++++++
.../zcl/data-model/chip/matter-devices.xml | 5 +-
3 files changed, 77 insertions(+), 39 deletions(-)
delete mode 100644 src/app/zap-templates/zcl/data-model/chip/ACL-cluster.xml
create mode 100644 src/app/zap-templates/zcl/data-model/chip/access-control-cluster.xml
diff --git a/src/app/zap-templates/zcl/data-model/chip/ACL-cluster.xml b/src/app/zap-templates/zcl/data-model/chip/ACL-cluster.xml
deleted file mode 100644
index 0197a4c53879a7..00000000000000
--- a/src/app/zap-templates/zcl/data-model/chip/ACL-cluster.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Copyright (c) 2021 Project CHIP Authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<configurator>
- <domain name="CHIP"/>
-
-
- <cluster>
- <domain>General</domain>
- <name>ACL</name>
- <code>0x001F</code>
- <define>ACL_CLUSTER</define>
- <client init="false" tick="false">true</client>
- <server init="false" tick="false">true</server>
- <description>The Access Control Cluster exposes a data model view of a Node’s Access Control List (ACL), which
-codifies the rules used to manage and enforce Access Control for the Node’s endpoints and their
-associated cluster instances. Access to this Access Control Cluster itself requires a special
-Administer privilege level, such that only Nodes granted such privilege (hereafter termed
-"Administrators") can manage the Access Control Cluster.</description>
- <!-- Base data types -->
-
- <!-- Test Commands -->
-
- </cluster>
-</configurator>
diff --git a/src/app/zap-templates/zcl/data-model/chip/access-control-cluster.xml b/src/app/zap-templates/zcl/data-model/chip/access-control-cluster.xml
new file mode 100644
index 00000000000000..2b14a6cf18b095
--- /dev/null
+++ b/src/app/zap-templates/zcl/data-model/chip/access-control-cluster.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0"?>
+<!--
+Copyright (c) 2021 Project CHIP Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<configurator>
+ <domain name="CHIP"/>
+
+ <enum name="Privilege" type="ENUM8">
+ <cluster code="0x001F"/>
+ <item name="View" value="0x01"/>
+ <item name="ProxyView" value="0x02"/>
+ <item name="Operate" value="0x03"/>
+ <item name="Manage" value="0x04"/>
+ <item name="Administer" value="0x05"/>
+ </enum>
+
+ <enum name="AuthMode" type="ENUM8">
+ <cluster code="0x001F"/>
+ <item name="PASE" value="0x01"/>
+ <item name="CASE" value="0x02"/>
+ <item name="Group" value="0x03"/>
+ </enum>
+
+ <struct name="Target">
+ <cluster code="0x001F"/>
+ <item fieldId="0" name="Cluster" type="INT32U" isNullable="true"/>
+ <item fieldId="1" name="Endpoint" type="INT16U" isNullable="true"/>
+ <item fieldId="2" name="DeviceType" type="INT32U" isNullable="true"/>
+ </struct>
+
+ <struct name="AccessControlEntry">
+ <cluster code="0x001F"/>
+ <item fieldId="0" name="FabricIndex" type="INT8U"/>
+ <item fieldId="1" name="Privilege" type="Privilege"/>
+ <item fieldId="2" name="AuthMode" type="AuthMode"/>
+ <item fieldId="3" name="Subjects" type="INT64U" isNullable="true" array="true"/>
+ <item fieldId="4" name="Targets" type="Target" isNullable="true" array="true"/>
+ </struct>
+
+ <struct name="ExtensionEntry">
+ <cluster code="0x001F"/>
+ <item fieldId="0" name="FabricIndex" type="INT8U"/>
+ <item fieldId="1" name="Data" type="OCTET_STRING" length="254"/>
+ </struct>
+
+ <cluster>
+ <domain>General</domain>
+ <name>Access Control</name>
+ <code>0x001F</code>
+ <define>ACCESS_CONTROL_CLUSTER</define>
+ <client init="false" tick="false">true</client>
+ <server init="false" tick="false">true</server>
+ <description>The Access Control Cluster exposes a data model view of a
+ Node’s Access Control List (ACL), which codifies the rules used to manage
+ and enforce Access Control for the Node’s endpoints and their associated
+ cluster instances.</description>
+ <!-- Base data types -->
+ <attribute side="server" code="0x0000" define="ACL" type="ARRAY" entryType="AccessControlEntry" length="12" writable="true">ACL</attribute>
+ <attribute side="server" code="0x0001" define="EXTENSION" type="ARRAY" entryType="ExtensionEntry" length="4" writable="true">Extension</attribute>
+ </cluster>
+</configurator>
diff --git a/src/app/zap-templates/zcl/data-model/chip/matter-devices.xml b/src/app/zap-templates/zcl/data-model/chip/matter-devices.xml
index 011a18cd539aec..36673e94130518 100644
--- a/src/app/zap-templates/zcl/data-model/chip/matter-devices.xml
+++ b/src/app/zap-templates/zcl/data-model/chip/matter-devices.xml
@@ -23,6 +23,10 @@ limitations under the License.
 <profileId editable="false">0x0103</profileId>
 <deviceId editable="false">0x0016</deviceId>
 <clusters lockOthers="true">
+ <include cluster="Access Control" client="false" server="true" clientLocked="true" serverLocked="true">
+ <requireAttribute>ACL</requireAttribute>
+ <requireAttribute>EXTENSION</requireAttribute>
+ </include>
 <include cluster="Basic" client="false" server="true" clientLocked="true" serverLocked="true">
 <requireAttribute>INTERACTION_MODEL_VERSION</requireAttribute>
 <requireAttribute>VENDOR_NAME</requireAttribute>
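Review bot: The new `<description>` in access-control-cluster.xml no longer states that access to this cluster requires the Administer privilege (the deleted ACL-cluster.xml did), while the `ACL` and `Extension` attributes are both declared `writable="true"` with nothing in the definition recording who may read or write them. Enforcement presumably lives in the server implementation, which this patch does not show, so the requirement should stay visible next to the attributes, for example `<!-- Reads and writes of ACL and Extension require the Administer privilege; enforced by the access control server, not by this definition. -->`. A second comment on the `Privilege` enum would also help: `ProxyView` (0x02) sits numerically between `View` and `Operate`, so unless the levels are defined as a strict ordering, consumers should not decide access by comparing the raw values, e.g. `<!-- Values are identifiers, not an ordering; do not compare numerically to decide access. -->`.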
@@ -42,7 +46,6 @@ limitations under the License.
 <requireAttribute>CLIENT_LIST</requireAttribute>
 <requireAttribute>PARTS_LIST</requireAttribute>
 </include>
- <include cluster="ACL" client="false" server="true" clientLocked="true" serverLocked="true"></include>
 <include cluster="Power Source Configuration" client="false" server="false" clientLocked="true" serverLocked="false"></include>
 <include cluster="Time Synchronization" client="false" server="false" clientLocked="true" serverLocked="false"></include>
 <include cluster="Group Key Management" client="false" server="true" clientLocked="true" serverLocked="true"></include>