project-chip
diff --git a/‎examples/network-manager-app/linux/args.gni
+2 b/‎examples/network-manager-app/linux/args.gni
+2
diff --git a/‎examples/platform/linux/AppMain.cpp
+7-7 b/‎examples/platform/linux/AppMain.cpp
+7-7
diff --git a/‎examples/platform/linux/ExampleAccessRestriction.h ‎examples/platform/linux/ExampleAccessRestrictionProvider.h
+5-6 b/‎examples/platform/linux/ExampleAccessRestriction.h ‎examples/platform/linux/ExampleAccessRestrictionProvider.h
+5-6
diff --git a/‎examples/platform/linux/Options.cpp
+8-9 b/‎examples/platform/linux/Options.cpp
+8-9
diff --git a/‎examples/platform/linux/Options.h
+2-2 b/‎examples/platform/linux/Options.h
+2-2
diff --git a/‎src/access/AccessControl.cpp
+3-3 b/‎src/access/AccessControl.cpp
+3-3
diff --git a/‎src/access/AccessControl.h
+8-5 b/‎src/access/AccessControl.h
+8-5
@@ -22,4 +22,6 @@ chip_project_config_include_dirs = [
 ]
 
 chip_config_network_layer_ble = false
+
+# This enables AccessRestrictionList (ARL) support used by the NIM sample app
 chip_enable_access_restrictions = true
@@ -104,7 +104,7 @@
 #include "CommissionableInit.h"
 
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
-#include "ExampleAccessRestriction.h"
+#include "ExampleAccessRestrictionProvider.h"
 #include <app/server/DefaultArlStorage.h>
 #endif
 
@@ -602,12 +602,12 @@ void ChipLinuxAppMainLoop(AppMainLoopImplementation * impl)
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
     if (LinuxDeviceOptions::GetInstance().accessRestrictionEntries.HasValue())
     {
-        initParams.accessRestriction = new ExampleAccessRestriction();
-        initParams.arlStorage        = new app::DefaultArlStorage();
-        for (const auto & entry : LinuxDeviceOptions::GetInstance().accessRestrictionEntries.Value())
-        {
-            VerifyOrDie(AccessRestriction::CreateCommissioningEntry(entry) == CHIP_NO_ERROR);
-        }
+        auto exampleAccessRestrictionProvider = new ExampleAccessRestrictionProvider();
+        exampleAccessRestrictionProvider->SetCommissioningEntries(
+            LinuxDeviceOptions::GetInstance().accessRestrictionEntries.Value());
+
+        initParams.accessRestrictionProvider = exampleAccessRestrictionProvider;
+        initParams.arlStorage                = new app::DefaultArlStorage();
     }
 #endif
 
 
@@ -22,26 +22,25 @@
 
 #pragma once
 
-#include <access/AccessRestriction.h>
+#include <access/AccessRestrictionProvider.h>
 #include <app-common/zap-generated/cluster-objects.h>
 #include <app/EventLogging.h>
 
 namespace chip {
 namespace Access {
 
-class ExampleAccessRestriction : public AccessRestriction
+class ExampleAccessRestrictionProvider : public AccessRestrictionProvider
 {
 public:
-    ExampleAccessRestriction() : AccessRestriction() {}
+    ExampleAccessRestrictionProvider() : AccessRestrictionProvider() {}
 
-    ~ExampleAccessRestriction() {}
+    ~ExampleAccessRestrictionProvider() {}
 
 protected:
     CHIP_ERROR DoRequestFabricRestrictionReview(const FabricIndex fabricIndex, uint64_t token, const std::vector<Entry> & arl)
     {
         // this example simply removes all restrictions and will generate AccessRestrictionEntryChanged events
-        while (Access::GetAccessControl().GetAccessRestriction()->DeleteEntry(0, fabricIndex) == CHIP_NO_ERROR)
-            ;
+        Access::GetAccessControl().GetAccessRestrictionProvider()->SetEntries(fabricIndex, std::vector<Entry>{});
 
         chip::app::Clusters::AccessControl::Events::FabricRestrictionReviewUpdate::Type event{ .fabricIndex = fabricIndex };
         EventNumber eventNumber;
 
@@ -338,30 +338,29 @@ const char * sDeviceOptionHelp =
     "\n";
 
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
-bool ParseAccessRestrictionEntriesFromJson(const char * jsonString,
-                                           std::vector<Platform::SharedPtr<AccessRestriction::Entry>> & entries)
+bool ParseAccessRestrictionEntriesFromJson(const char * jsonString, std::vector<AccessRestrictionProvider::Entry> & entries)
 {
     Json::Value root;
     Json::Reader reader;
     VerifyOrReturnValue(reader.parse(jsonString, root), false);
 
     for (Json::Value::const_iterator eIt = root.begin(); eIt != root.end(); eIt++)
     {
-        auto entry = MakeShared<AccessRestriction::Entry>();
+        AccessRestrictionProvider::Entry entry;
 
-        entry->endpointNumber = static_cast<EndpointId>((*eIt)["endpoint"].asUInt());
-        entry->clusterId      = static_cast<ClusterId>((*eIt)["cluster"].asUInt());
+        entry.endpointNumber = static_cast<EndpointId>((*eIt)["endpoint"].asUInt());
+        entry.clusterId      = static_cast<ClusterId>((*eIt)["cluster"].asUInt());
 
         Json::Value restrictions = (*eIt)["restrictions"];
         for (Json::Value::const_iterator rIt = restrictions.begin(); rIt != restrictions.end(); rIt++)
         {
-            AccessRestriction::Restriction restriction;
-            restriction.restrictionType = static_cast<AccessRestriction::Type>((*rIt)["type"].asInt());
+            AccessRestrictionProvider::Restriction restriction;
+            restriction.restrictionType = static_cast<AccessRestrictionProvider::Type>((*rIt)["type"].asInt());
             if ((*rIt).isMember("id"))
             {
                 restriction.id.SetValue((*rIt)["id"].asUInt());
             }
-            entry->restrictions.push_back(restriction);
+            entry.restrictions.push_back(restriction);
         }
 
         entries.push_back(entry);
@@ -582,7 +581,7 @@ bool HandleOption(const char * aProgram, OptionSet * aOptions, int aIdentifier,
 
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
     case kDeviceOption_UseAccessRestrictions: {
-        std::vector<Platform::SharedPtr<AccessRestriction::Entry>> accessRestrictionEntries;
+        std::vector<AccessRestrictionProvider::Entry> accessRestrictionEntries;
         retval = ParseAccessRestrictionEntriesFromJson(aValue, accessRestrictionEntries);
         if (retval)
         {
 
@@ -40,7 +40,7 @@
 #include <testing/CustomCSRResponse.h>
 
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
-#include <access/AccessRestriction.h>
+#include <access/AccessRestrictionProvider.h>
 #endif
 
 struct LinuxDeviceOptions
@@ -88,7 +88,7 @@ struct LinuxDeviceOptions
     int32_t subscriptionResumptionRetryIntervalSec = -1;
 #endif
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
-    chip::Optional<std::vector<chip::Platform::SharedPtr<chip::Access::AccessRestriction::Entry>>> accessRestrictionEntries;
+    chip::Optional<std::vector<chip::Access::AccessRestrictionProvider::Entry>> accessRestrictionEntries;
 #endif
     static LinuxDeviceOptions & GetInstance();
 };
 
@@ -326,7 +326,7 @@ void AccessControl::RemoveEntryListener(EntryListener & listener)
 bool AccessControl::IsAccessRestrictionListSupported() const
 {
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
-    return mAccessRestriction != nullptr;
+    return mAccessRestrictionProvider != nullptr;
 #else
     return false;
 #endif
@@ -357,9 +357,9 @@ CHIP_ERROR AccessControl::Check(const SubjectDescriptor & subjectDescriptor, con
     }
 
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
-    if (mAccessRestriction != nullptr)
+    if (mAccessRestrictionProvider != nullptr)
     {
-        CHIP_ERROR result = mAccessRestriction->Check(subjectDescriptor, requestPath);
+        CHIP_ERROR result = mAccessRestrictionProvider->Check(subjectDescriptor, requestPath);
         if (result != CHIP_NO_ERROR)
         {
             ChipLogProgress(DataManagement, "AccessControl: %s",
 
@@ -21,7 +21,7 @@
 #include <access/AccessConfig.h>
 
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
-#include "AccessRestriction.h"
+#include "AccessRestrictionProvider.h"
 #endif
 
 #include "Privilege.h"
@@ -635,9 +635,12 @@ class AccessControl
 
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
     // Set an optional AcceessRestriction object for MNGD feature.
-    void SetAccessRestriction(AccessRestriction * accessRestriction) { mAccessRestriction = accessRestriction; }
+    void SetAccessRestrictionProvider(AccessRestrictionProvider * accessRestrictionProvider)
+    {
+        mAccessRestrictionProvider = accessRestrictionProvider;
+    }
 
-    AccessRestriction * GetAccessRestriction() { return mAccessRestriction; }
+    AccessRestrictionProvider * GetAccessRestrictionProvider() { return mAccessRestrictionProvider; }
 #endif
 
     /**
@@ -651,7 +654,7 @@ class AccessControl
      * Check whether access (by a subject descriptor, to a request path,
      * requiring a privilege) should be allowed or denied.
      *
-     * If an AccessRestriction object is set, it will be checked for additional access restrictions.
+     * If an AccessRestrictionProvider object is set, it will be checked for additional access restrictions.
      *
      * @retval #CHIP_ERROR_ACCESS_DENIED if denied.
      * @retval other errors should also be treated as denied.
@@ -679,7 +682,7 @@ class AccessControl
     EntryListener * mEntryListener = nullptr;
 
 #if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS
-    AccessRestriction * mAccessRestriction;
+    AccessRestrictionProvider * mAccessRestrictionProvider;
 #endif
 };
Original file line number	Diff line number	Diff line change
`@@ -22,4 +22,6 @@ chip_project_config_include_dirs = [`
`22`	`22`	`]`
`23`	`23`
`24`	`24`	`chip_config_network_layer_ble = false`
	`25`	`+`
	`26`	`+# This enables AccessRestrictionList (ARL) support used by the NIM sample app`
`25`	`27`	`chip_enable_access_restrictions = true`
Original file line number	Diff line number	Diff line change
`@@ -326,7 +326,7 @@ void AccessControl::RemoveEntryListener(EntryListener & listener)`
`326`	`326`	`bool AccessControl::IsAccessRestrictionListSupported() const`
`327`	`327`	`{`
`328`	`328`	`#if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS`
`329`		`- return mAccessRestriction != nullptr;`
	`329`	`+ return mAccessRestrictionProvider != nullptr;`
`330`	`330`	`#else`
`331`	`331`	`return false;`
`332`	`332`	`#endif`
`@@ -357,9 +357,9 @@ CHIP_ERROR AccessControl::Check(const SubjectDescriptor & subjectDescriptor, con`
`357`	`357`	`}`
`358`	`358`
`359`	`359`	`#if CHIP_CONFIG_USE_ACCESS_RESTRICTIONS`
`360`		`- if (mAccessRestriction != nullptr)`
	`360`	`+ if (mAccessRestrictionProvider != nullptr)`
`361`	`361`	`{`
`362`		`- CHIP_ERROR result = mAccessRestriction->Check(subjectDescriptor, requestPath);`
	`362`	`+ CHIP_ERROR result = mAccessRestrictionProvider->Check(subjectDescriptor, requestPath);`
`363`	`363`	`if (result != CHIP_NO_ERROR)`
`364`	`364`	`{`
`365`	`365`	`ChipLogProgress(DataManagement, "AccessControl: %s",`