From 8c124604bc901b3ffd66d28a5ad3e3186d2d7b3a Mon Sep 17 00:00:00 2001
From: Marc Lepage <mlepage@google.com>
Date: Thu, 25 Nov 2021 12:31:08 -0500
Subject: [PATCH] Add access control cluster xml

Issue #11204
---
 .../zcl/data-model/chip/ACL-cluster.xml       | 38 ----------
 .../chip/access-control-cluster.xml           | 73 +++++++++++++++++++
 .../zcl/data-model/chip/matter-devices.xml    |  5 +-
 3 files changed, 77 insertions(+), 39 deletions(-)
 delete mode 100644 src/app/zap-templates/zcl/data-model/chip/ACL-cluster.xml
 create mode 100644 src/app/zap-templates/zcl/data-model/chip/access-control-cluster.xml

diff --git a/src/app/zap-templates/zcl/data-model/chip/ACL-cluster.xml b/src/app/zap-templates/zcl/data-model/chip/ACL-cluster.xml
deleted file mode 100644
index 0197a4c53879a7..00000000000000
--- a/src/app/zap-templates/zcl/data-model/chip/ACL-cluster.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Copyright (c) 2021 Project CHIP Authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<configurator>
-  <domain name="CHIP"/>
-
-
-  <cluster>
-    <domain>General</domain>
-    <name>ACL</name>
-    <code>0x001F</code>
-    <define>ACL_CLUSTER</define>
-    <client init="false" tick="false">true</client>
-    <server init="false" tick="false">true</server>
-    <description>The Access Control Cluster exposes a data model view of a Node’s Access Control List (ACL), which
-codifies the rules used to manage and enforce Access Control for the Node’s endpoints and their
-associated cluster instances. Access to this Access Control Cluster itself requires a special
-Administer privilege level, such that only Nodes granted such privilege (hereafter termed
-"Administrators") can manage the Access Control Cluster.</description>
-    <!-- Base data types -->
-
-    <!-- Test Commands -->
-
-  </cluster>
-</configurator>
diff --git a/src/app/zap-templates/zcl/data-model/chip/access-control-cluster.xml b/src/app/zap-templates/zcl/data-model/chip/access-control-cluster.xml
new file mode 100644
index 00000000000000..2b14a6cf18b095
--- /dev/null
+++ b/src/app/zap-templates/zcl/data-model/chip/access-control-cluster.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0"?>
+<!--
+Copyright (c) 2021 Project CHIP Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<configurator>
+  <domain name="CHIP"/>
+
+  <enum name="Privilege" type="ENUM8">
+    <cluster code="0x001F"/>
+    <item name="View" value="0x01"/>
+    <item name="ProxyView" value="0x02"/>
+    <item name="Operate" value="0x03"/>
+    <item name="Manage" value="0x04"/>
+    <item name="Administer" value="0x05"/>
+  </enum>
+
+  <enum name="AuthMode" type="ENUM8">
+    <cluster code="0x001F"/>
+    <item name="PASE" value="0x01"/>
+    <item name="CASE" value="0x02"/>
+    <item name="Group" value="0x03"/>
+  </enum>
+
+  <struct name="Target">
+    <cluster code="0x001F"/>
+    <item fieldId="0" name="Cluster" type="INT32U" isNullable="true"/>
+    <item fieldId="1" name="Endpoint" type="INT16U" isNullable="true"/>
+    <item fieldId="2" name="DeviceType" type="INT32U" isNullable="true"/>
+  </struct>
+
+  <struct name="AccessControlEntry">
+    <cluster code="0x001F"/>
+    <item fieldId="0" name="FabricIndex" type="INT8U"/>
+    <item fieldId="1" name="Privilege" type="Privilege"/>
+    <item fieldId="2" name="AuthMode" type="AuthMode"/>
+    <item fieldId="3" name="Subjects" type="INT64U" isNullable="true" array="true"/>
+    <item fieldId="4" name="Targets" type="Target" isNullable="true" array="true"/>
+  </struct>
+
+  <struct name="ExtensionEntry">
+    <cluster code="0x001F"/>
+    <item fieldId="0" name="FabricIndex" type="INT8U"/>
+    <item fieldId="1" name="Data" type="OCTET_STRING" length="254"/>
+  </struct>
+
+  <cluster>
+    <domain>General</domain>
+    <name>Access Control</name>
+    <code>0x001F</code>
+    <define>ACCESS_CONTROL_CLUSTER</define>
+    <client init="false" tick="false">true</client>
+    <server init="false" tick="false">true</server>
+    <description>The Access Control Cluster exposes a data model view of a
+      Node’s Access Control List (ACL), which codifies the rules used to manage
+      and enforce Access Control for the Node’s endpoints and their associated
+      cluster instances.</description>
+    <!-- Base data types -->
+    <attribute side="server" code="0x0000" define="ACL" type="ARRAY" entryType="AccessControlEntry" length="12" writable="true">ACL</attribute>
+    <attribute side="server" code="0x0001" define="EXTENSION" type="ARRAY" entryType="ExtensionEntry" length="4" writable="true">Extension</attribute>
+  </cluster>
+</configurator>
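Review bot: The new `<description>` drops the sentence from the deleted ACL-cluster.xml saying that access to this cluster requires the Administer privilege, and both attributes at the end of the hunk are declared `writable="true"` with nothing in the file recording that restriction. These two attributes hold the node's access rules, so a reader of this definition cannot tell that writes are meant to be limited to administrators; whether the server implementation enforces it is not visible here. I would restore the dropped sentence in the description and add a comment above the attributes such as `<!-- Access to ACL and Extension requires the Administer privilege; this definition does not enforce it, the cluster server must. -->`. Separately, `isNullable="true" array="true"` on `Subjects` and `Targets` leaves it unclear whether the list itself or each entry is nullable, which deserves a one-line comment since an empty or null subject or target list changes what an entry matches.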
diff --git a/src/app/zap-templates/zcl/data-model/chip/matter-devices.xml b/src/app/zap-templates/zcl/data-model/chip/matter-devices.xml
index 011a18cd539aec..36673e94130518 100644
--- a/src/app/zap-templates/zcl/data-model/chip/matter-devices.xml
+++ b/src/app/zap-templates/zcl/data-model/chip/matter-devices.xml
@@ -23,6 +23,10 @@ limitations under the License.
         <profileId editable="false">0x0103</profileId>
         <deviceId editable="false">0x0016</deviceId>
         <clusters lockOthers="true">
+            <include cluster="Access Control" client="false" server="true" clientLocked="true" serverLocked="true">
+                <requireAttribute>ACL</requireAttribute>
+                <requireAttribute>EXTENSION</requireAttribute>
+            </include>
             <include cluster="Basic" client="false" server="true" clientLocked="true" serverLocked="true">
                 <requireAttribute>INTERACTION_MODEL_VERSION</requireAttribute>
                 <requireAttribute>VENDOR_NAME</requireAttribute>
@@ -42,7 +46,6 @@ limitations under the License.
                 <requireAttribute>CLIENT_LIST</requireAttribute>
                 <requireAttribute>PARTS_LIST</requireAttribute>
             </include>
-            <include cluster="ACL" client="false" server="true" clientLocked="true" serverLocked="true"></include>
             <include cluster="Power Source Configuration" client="false" server="false" clientLocked="true" serverLocked="false"></include>
             <include cluster="Time Synchronization" client="false" server="false" clientLocked="true" serverLocked="false"></include>
             <include cluster="Group Key Management" client="false" server="true" clientLocked="true" serverLocked="true"></include>