@@ -598,6 +598,131 @@ cluster Descriptor = 29 {
598598 readonly attribute int16u clusterRevision = 65533;
599599}
600600
601+ /** The Access Control Cluster exposes a data model view of a
602+ Node's Access Control List (ACL), which codifies the rules used to manage
603+ and enforce Access Control for the Node's endpoints and their associated
604+ cluster instances. */
605+ cluster AccessControl = 31 {
606+ revision 2;
607+
608+ enum AccessControlEntryAuthModeEnum : enum8 {
609+ kPASE = 1;
610+ kCASE = 2;
611+ kGroup = 3;
612+ }
613+
614+ enum AccessControlEntryPrivilegeEnum : enum8 {
615+ kView = 1;
616+ kProxyView = 2;
617+ kOperate = 3;
618+ kManage = 4;
619+ kAdminister = 5;
620+ }
621+
622+ enum AccessRestrictionTypeEnum : enum8 {
623+ kAttributeAccessForbidden = 0;
624+ kAttributeWriteForbidden = 1;
625+ kCommandForbidden = 2;
626+ kEventForbidden = 3;
627+ }
628+
629+ enum ChangeTypeEnum : enum8 {
630+ kChanged = 0;
631+ kAdded = 1;
632+ kRemoved = 2;
633+ }
634+
635+ bitmap Feature : bitmap32 {
636+ kExtension = 0x1;
637+ kManagedDevice = 0x2;
638+ }
639+
640+ struct AccessRestrictionStruct {
641+ AccessRestrictionTypeEnum type = 0;
642+ nullable int32u id = 1;
643+ }
644+
645+ struct CommissioningAccessRestrictionEntryStruct {
646+ endpoint_no endpoint = 0;
647+ cluster_id cluster = 1;
648+ AccessRestrictionStruct restrictions[] = 2;
649+ }
650+
651+ fabric_scoped struct AccessRestrictionEntryStruct {
652+ fabric_sensitive endpoint_no endpoint = 0;
653+ fabric_sensitive cluster_id cluster = 1;
654+ fabric_sensitive AccessRestrictionStruct restrictions[] = 2;
655+ fabric_idx fabricIndex = 254;
656+ }
657+
658+ struct AccessControlTargetStruct {
659+ nullable cluster_id cluster = 0;
660+ nullable endpoint_no endpoint = 1;
661+ nullable devtype_id deviceType = 2;
662+ }
663+
664+ fabric_scoped struct AccessControlEntryStruct {
665+ fabric_sensitive AccessControlEntryPrivilegeEnum privilege = 1;
666+ fabric_sensitive AccessControlEntryAuthModeEnum authMode = 2;
667+ nullable fabric_sensitive int64u subjects[] = 3;
668+ nullable fabric_sensitive AccessControlTargetStruct targets[] = 4;
669+ fabric_idx fabricIndex = 254;
670+ }
671+
672+ fabric_scoped struct AccessControlExtensionStruct {
673+ fabric_sensitive octet_string<128> data = 1;
674+ fabric_idx fabricIndex = 254;
675+ }
676+
677+ fabric_sensitive info event access(read: administer) AccessControlEntryChanged = 0 {
678+ nullable node_id adminNodeID = 1;
679+ nullable int16u adminPasscodeID = 2;
680+ ChangeTypeEnum changeType = 3;
681+ nullable AccessControlEntryStruct latestValue = 4;
682+ fabric_idx fabricIndex = 254;
683+ }
684+
685+ fabric_sensitive info event access(read: administer) AccessControlExtensionChanged = 1 {
686+ nullable node_id adminNodeID = 1;
687+ nullable int16u adminPasscodeID = 2;
688+ ChangeTypeEnum changeType = 3;
689+ nullable AccessControlExtensionStruct latestValue = 4;
690+ fabric_idx fabricIndex = 254;
691+ }
692+
693+ fabric_sensitive info event access(read: administer) FabricRestrictionReviewUpdate = 2 {
694+ int64u token = 0;
695+ optional long_char_string instruction = 1;
696+ optional long_char_string ARLRequestFlowUrl = 2;
697+ fabric_idx fabricIndex = 254;
698+ }
699+
700+ attribute access(read: administer, write: administer) AccessControlEntryStruct acl[] = 0;
701+ attribute access(read: administer, write: administer) optional AccessControlExtensionStruct extension[] = 1;
702+ readonly attribute int16u subjectsPerAccessControlEntry = 2;
703+ readonly attribute int16u targetsPerAccessControlEntry = 3;
704+ readonly attribute int16u accessControlEntriesPerFabric = 4;
705+ readonly attribute optional CommissioningAccessRestrictionEntryStruct commissioningARL[] = 5;
706+ readonly attribute optional AccessRestrictionEntryStruct arl[] = 6;
707+ readonly attribute command_id generatedCommandList[] = 65528;
708+ readonly attribute command_id acceptedCommandList[] = 65529;
709+ readonly attribute event_id eventList[] = 65530;
710+ readonly attribute attrib_id attributeList[] = 65531;
711+ readonly attribute bitmap32 featureMap = 65532;
712+ readonly attribute int16u clusterRevision = 65533;
713+
714+ request struct ReviewFabricRestrictionsRequest {
715+ CommissioningAccessRestrictionEntryStruct arl[] = 0;
716+ }
717+
718+ response struct ReviewFabricRestrictionsResponse = 1 {
719+ int64u token = 0;
720+ }
721+
722+ /** This command signals to the service associated with the device vendor that the fabric administrator would like a review of the current restrictions on the accessing fabric. */
723+ fabric command access(invoke: administer) ReviewFabricRestrictions(ReviewFabricRestrictionsRequest): ReviewFabricRestrictionsResponse = 0;
724+ }
725+
601726/** This cluster provides attributes and events for determining basic information about Nodes, which supports both
602727 Commissioning and operational determination of Node characteristics, such as Vendor ID, Product ID and serial number,
603728 which apply to the whole Node. Also allows setting user device information such as location. */
@@ -1904,6 +2029,18 @@ endpoint 0 {
19042029 callback attribute clusterRevision;
19052030 }
19062031
2032+ server cluster AccessControl {
2033+ callback attribute acl;
2034+ callback attribute subjectsPerAccessControlEntry;
2035+ callback attribute targetsPerAccessControlEntry;
2036+ callback attribute accessControlEntriesPerFabric;
2037+ callback attribute generatedCommandList;
2038+ callback attribute acceptedCommandList;
2039+ callback attribute attributeList;
2040+ ram attribute featureMap default = 0;
2041+ callback attribute clusterRevision;
2042+ }
2043+
19072044 server cluster BasicInformation {
19082045 emits event StartUp;
19092046 emits event ShutDown;
0 commit comments