Fabric-scoped and fabric-sensitive updates for IDL (#22955)

* Start defining fabric-sensitive types

* Update types: structures are fabric scoped, attributes are fabric sensitive (if applicable)

* Tag fabric-scoped structures in matter idl

* Allow fields to be marked fabric sensitive

* Start supporting fabric scoped and sensitive logic

* zap regen

* Add parser and tests for fabric-sensitive events

* Restyle

* Add tag for fabric sensitive events in idl generator

* zap regen

* Fix typo in readme

* Fix typo

* Add support for fabric scoped and fabric sensitive

* Add unit test for fabric sensitive and scoped stuff

* Rename attributes to qualites, tests pass in idl. More code review comments

* Fix java codegen tests

* Remove unused import

* Remove more unused imports

* Regen bridge-app.matter

* Regen lighting-on-off

* Rename fabric_command to fabric_scoped_command

examples/all-clusters-app/all-clusters-common/all-clusters-app.matter

@@ -404,7 +404,7 @@ server cluster Descriptor = 29 {
 }
 
 server cluster Binding = 30 {
-  struct TargetStruct {
+  fabric_scoped struct TargetStruct {
     optional node_id node = 1;
     optional group_id group = 2;
     optional endpoint_no endpoint = 3;
@@ -438,11 +438,11 @@ server cluster AccessControl = 31 {
     kAdminister = 5;
   }
 
-  struct AccessControlEntry {
-    Privilege privilege = 1;
-    AuthMode authMode = 2;
-    nullable int64u subjects[] = 3;
-    nullable Target targets[] = 4;
+  fabric_scoped struct AccessControlEntry {
+    fabric_sensitive Privilege privilege = 1;
+    fabric_sensitive AuthMode authMode = 2;
+    nullable fabric_sensitive int64u subjects[] = 3;
+    nullable fabric_sensitive Target targets[] = 4;
     fabric_idx fabricIndex = 254;
   }
 
@@ -452,20 +452,20 @@ server cluster AccessControl = 31 {
     nullable devtype_id deviceType = 2;
   }
 
-  struct ExtensionEntry {
-    octet_string<128> data = 1;
+  fabric_scoped struct ExtensionEntry {
+    fabric_sensitive octet_string<128> data = 1;
     fabric_idx fabricIndex = 254;
   }
 
-  info event access(read: administer) AccessControlEntryChanged = 0 {
+  fabric_sensitive info event access(read: administer) AccessControlEntryChanged = 0 {
     nullable node_id adminNodeID = 1;
     nullable INT16U adminPasscodeID = 2;
     ChangeTypeEnum changeType = 3;
     nullable AccessControlEntry latestValue = 4;
     fabric_idx fabricIndex = 254;
   }
 
-  info event access(read: administer) AccessControlExtensionChanged = 1 {
+  fabric_sensitive info event access(read: administer) AccessControlExtensionChanged = 1 {
     nullable node_id adminNodeID = 1;
     nullable INT16U adminPasscodeID = 2;
     ChangeTypeEnum changeType = 3;
@@ -688,7 +688,7 @@ server cluster OtaSoftwareUpdateRequestor = 42 {
     kDelayedOnUserConsent = 8;
   }
 
-  struct ProviderLocation {
+  fabric_scoped struct ProviderLocation {
     node_id providerNodeID = 1;
     endpoint_no endpoint = 2;
     fabric_idx fabricIndex = 254;
@@ -1570,13 +1570,13 @@ server cluster OperationalCredentials = 62 {
     kInvalidFabricIndex = 11;
   }
 
-  struct NOCStruct {
-    octet_string noc = 1;
-    nullable octet_string icac = 2;
+  fabric_scoped struct NOCStruct {
+    fabric_sensitive octet_string noc = 1;
+    nullable fabric_sensitive octet_string icac = 2;
     fabric_idx fabricIndex = 254;
   }
 
-  struct FabricDescriptor {
+  fabric_scoped struct FabricDescriptor {
     octet_string<65> rootPublicKey = 1;
     vendor_id vendorId = 2;
     fabric_id fabricId = 3;
@@ -1668,13 +1668,13 @@ server cluster GroupKeyManagement = 63 {
     kCacheAndSync = 1;
   }
 
-  struct GroupKeyMapStruct {
+  fabric_scoped struct GroupKeyMapStruct {
     group_id groupId = 1;
     int16u groupKeySetID = 2;
     fabric_idx fabricIndex = 254;
   }
 
-  struct GroupInfoMapStruct {
+  fabric_scoped struct GroupInfoMapStruct {
     group_id groupId = 1;
     endpoint_no endpoints[] = 2;
     optional char_string<16> groupName = 3;
@@ -3601,14 +3601,14 @@ server cluster TestCluster = 4294048773 {
     double h = 7;
   }
 
-  struct TestFabricScoped {
-    int8u fabricSensitiveInt8u = 1;
-    optional int8u optionalFabricSensitiveInt8u = 2;
-    nullable int8u nullableFabricSensitiveInt8u = 3;
-    optional nullable int8u nullableOptionalFabricSensitiveInt8u = 4;
-    char_string fabricSensitiveCharString = 5;
-    SimpleStruct fabricSensitiveStruct = 6;
-    int8u fabricSensitiveInt8uList[] = 7;
+  fabric_scoped struct TestFabricScoped {
+    fabric_sensitive int8u fabricSensitiveInt8u = 1;
+    optional fabric_sensitive int8u optionalFabricSensitiveInt8u = 2;
+    nullable fabric_sensitive int8u nullableFabricSensitiveInt8u = 3;
+    optional nullable fabric_sensitive int8u nullableOptionalFabricSensitiveInt8u = 4;
+    fabric_sensitive char_string fabricSensitiveCharString = 5;
+    fabric_sensitive SimpleStruct fabricSensitiveStruct = 6;
+    fabric_sensitive int8u fabricSensitiveInt8uList[] = 7;
     fabric_idx fabricIndex = 254;
   }
 
@@ -3637,7 +3637,7 @@ server cluster TestCluster = 4294048773 {
     SimpleEnum arg6[] = 6;
   }
 
-  info event TestFabricScopedEvent = 2 {
+  fabric_sensitive info event TestFabricScopedEvent = 2 {
     fabric_idx fabricIndex = 254;
   }
 

examples/all-clusters-minimal-app/all-clusters-common/all-clusters-minimal-app.matter

@@ -354,7 +354,7 @@ server cluster Descriptor = 29 {
 }
 
 server cluster Binding = 30 {
-  struct TargetStruct {
+  fabric_scoped struct TargetStruct {
     optional node_id node = 1;
     optional group_id group = 2;
     optional endpoint_no endpoint = 3;
@@ -388,11 +388,11 @@ server cluster AccessControl = 31 {
     kAdminister = 5;
   }
 
-  struct AccessControlEntry {
-    Privilege privilege = 1;
-    AuthMode authMode = 2;
-    nullable int64u subjects[] = 3;
-    nullable Target targets[] = 4;
+  fabric_scoped struct AccessControlEntry {
+    fabric_sensitive Privilege privilege = 1;
+    fabric_sensitive AuthMode authMode = 2;
+    nullable fabric_sensitive int64u subjects[] = 3;
+    nullable fabric_sensitive Target targets[] = 4;
     fabric_idx fabricIndex = 254;
   }
 
@@ -402,15 +402,15 @@ server cluster AccessControl = 31 {
     nullable devtype_id deviceType = 2;
   }
 
-  info event access(read: administer) AccessControlEntryChanged = 0 {
+  fabric_sensitive info event access(read: administer) AccessControlEntryChanged = 0 {
     nullable node_id adminNodeID = 1;
     nullable INT16U adminPasscodeID = 2;
     ChangeTypeEnum changeType = 3;
     nullable AccessControlEntry latestValue = 4;
     fabric_idx fabricIndex = 254;
   }
 
-  info event access(read: administer) AccessControlExtensionChanged = 1 {
+  fabric_sensitive info event access(read: administer) AccessControlExtensionChanged = 1 {
     nullable node_id adminNodeID = 1;
     nullable INT16U adminPasscodeID = 2;
     ChangeTypeEnum changeType = 3;
@@ -623,7 +623,7 @@ server cluster OtaSoftwareUpdateRequestor = 42 {
     kDelayedOnUserConsent = 8;
   }
 
-  struct ProviderLocation {
+  fabric_scoped struct ProviderLocation {
     node_id providerNodeID = 1;
     endpoint_no endpoint = 2;
     fabric_idx fabricIndex = 254;
@@ -1415,13 +1415,13 @@ server cluster OperationalCredentials = 62 {
     kInvalidFabricIndex = 11;
   }
 
-  struct NOCStruct {
-    octet_string noc = 1;
-    nullable octet_string icac = 2;
+  fabric_scoped struct NOCStruct {
+    fabric_sensitive octet_string noc = 1;
+    nullable fabric_sensitive octet_string icac = 2;
     fabric_idx fabricIndex = 254;
   }
 
-  struct FabricDescriptor {
+  fabric_scoped struct FabricDescriptor {
     octet_string<65> rootPublicKey = 1;
     vendor_id vendorId = 2;
     fabric_id fabricId = 3;
@@ -1513,13 +1513,13 @@ server cluster GroupKeyManagement = 63 {
     kCacheAndSync = 1;
   }
 
-  struct GroupKeyMapStruct {
+  fabric_scoped struct GroupKeyMapStruct {
     group_id groupId = 1;
     int16u groupKeySetID = 2;
     fabric_idx fabricIndex = 254;
   }
 
-  struct GroupInfoMapStruct {
+  fabric_scoped struct GroupInfoMapStruct {
     group_id groupId = 1;
     endpoint_no endpoints[] = 2;
     optional char_string<16> groupName = 3;
@@ -3025,14 +3025,14 @@ server cluster TestCluster = 4294048773 {
     double h = 7;
   }
 
-  struct TestFabricScoped {
-    int8u fabricSensitiveInt8u = 1;
-    optional int8u optionalFabricSensitiveInt8u = 2;
-    nullable int8u nullableFabricSensitiveInt8u = 3;
-    optional nullable int8u nullableOptionalFabricSensitiveInt8u = 4;
-    char_string fabricSensitiveCharString = 5;
-    SimpleStruct fabricSensitiveStruct = 6;
-    int8u fabricSensitiveInt8uList[] = 7;
+  fabric_scoped struct TestFabricScoped {
+    fabric_sensitive int8u fabricSensitiveInt8u = 1;
+    optional fabric_sensitive int8u optionalFabricSensitiveInt8u = 2;
+    nullable fabric_sensitive int8u nullableFabricSensitiveInt8u = 3;
+    optional nullable fabric_sensitive int8u nullableOptionalFabricSensitiveInt8u = 4;
+    fabric_sensitive char_string fabricSensitiveCharString = 5;
+    fabric_sensitive SimpleStruct fabricSensitiveStruct = 6;
+    fabric_sensitive int8u fabricSensitiveInt8uList[] = 7;
     fabric_idx fabricIndex = 254;
   }
 
@@ -3061,7 +3061,7 @@ server cluster TestCluster = 4294048773 {
     SimpleEnum arg6[] = 6;
   }
 
-  info event TestFabricScopedEvent = 2 {
+  fabric_sensitive info event TestFabricScopedEvent = 2 {
     fabric_idx fabricIndex = 254;
   }
 

examples/bridge-app/bridge-common/bridge-app.matter

@@ -204,7 +204,7 @@ server cluster Descriptor = 29 {
 }
 
 client cluster Binding = 30 {
-  struct TargetStruct {
+  fabric_scoped struct TargetStruct {
     optional node_id node = 1;
     optional group_id group = 2;
     optional endpoint_no endpoint = 3;
@@ -241,11 +241,11 @@ client cluster AccessControl = 31 {
     kAdminister = 5;
   }
 
-  struct AccessControlEntry {
-    Privilege privilege = 1;
-    AuthMode authMode = 2;
-    nullable int64u subjects[] = 3;
-    nullable Target targets[] = 4;
+  fabric_scoped struct AccessControlEntry {
+    fabric_sensitive Privilege privilege = 1;
+    fabric_sensitive AuthMode authMode = 2;
+    nullable fabric_sensitive int64u subjects[] = 3;
+    nullable fabric_sensitive Target targets[] = 4;
     fabric_idx fabricIndex = 254;
   }
 
@@ -255,20 +255,20 @@ client cluster AccessControl = 31 {
     nullable devtype_id deviceType = 2;
   }
 
-  struct ExtensionEntry {
-    octet_string<128> data = 1;
+  fabric_scoped struct ExtensionEntry {
+    fabric_sensitive octet_string<128> data = 1;
     fabric_idx fabricIndex = 254;
   }
 
-  info event access(read: administer) AccessControlEntryChanged = 0 {
+  fabric_sensitive info event access(read: administer) AccessControlEntryChanged = 0 {
     nullable node_id adminNodeID = 1;
     nullable INT16U adminPasscodeID = 2;
     ChangeTypeEnum changeType = 3;
     nullable AccessControlEntry latestValue = 4;
     fabric_idx fabricIndex = 254;
   }
 
-  info event access(read: administer) AccessControlExtensionChanged = 1 {
+  fabric_sensitive info event access(read: administer) AccessControlExtensionChanged = 1 {
     nullable node_id adminNodeID = 1;
     nullable INT16U adminPasscodeID = 2;
     ChangeTypeEnum changeType = 3;
@@ -309,11 +309,11 @@ server cluster AccessControl = 31 {
     kAdminister = 5;
   }
 
-  struct AccessControlEntry {
-    Privilege privilege = 1;
-    AuthMode authMode = 2;
-    nullable int64u subjects[] = 3;
-    nullable Target targets[] = 4;
+  fabric_scoped struct AccessControlEntry {
+    fabric_sensitive Privilege privilege = 1;
+    fabric_sensitive AuthMode authMode = 2;
+    nullable fabric_sensitive int64u subjects[] = 3;
+    nullable fabric_sensitive Target targets[] = 4;
     fabric_idx fabricIndex = 254;
   }
 
@@ -323,20 +323,20 @@ server cluster AccessControl = 31 {
     nullable devtype_id deviceType = 2;
   }
 
-  struct ExtensionEntry {
-    octet_string<128> data = 1;
+  fabric_scoped struct ExtensionEntry {
+    fabric_sensitive octet_string<128> data = 1;
     fabric_idx fabricIndex = 254;
   }
 
-  info event access(read: administer) AccessControlEntryChanged = 0 {
+  fabric_sensitive info event access(read: administer) AccessControlEntryChanged = 0 {
     nullable node_id adminNodeID = 1;
     nullable INT16U adminPasscodeID = 2;
     ChangeTypeEnum changeType = 3;
     nullable AccessControlEntry latestValue = 4;
     fabric_idx fabricIndex = 254;
   }
 
-  info event access(read: administer) AccessControlExtensionChanged = 1 {
+  fabric_sensitive info event access(read: administer) AccessControlExtensionChanged = 1 {
     nullable node_id adminNodeID = 1;
     nullable INT16U adminPasscodeID = 2;
     ChangeTypeEnum changeType = 3;
@@ -1260,13 +1260,13 @@ server cluster OperationalCredentials = 62 {
     kInvalidFabricIndex = 11;
   }
 
-  struct NOCStruct {
-    octet_string noc = 1;
-    nullable octet_string icac = 2;
+  fabric_scoped struct NOCStruct {
+    fabric_sensitive octet_string noc = 1;
+    nullable fabric_sensitive octet_string icac = 2;
     fabric_idx fabricIndex = 254;
   }
 
-  struct FabricDescriptor {
+  fabric_scoped struct FabricDescriptor {
     octet_string<65> rootPublicKey = 1;
     vendor_id vendorId = 2;
     fabric_id fabricId = 3;
@@ -1361,13 +1361,13 @@ server cluster GroupKeyManagement = 63 {
     kCacheAndSync = 1;
   }
 
-  struct GroupKeyMapStruct {
+  fabric_scoped struct GroupKeyMapStruct {
     group_id groupId = 1;
     int16u groupKeySetID = 2;
     fabric_idx fabricIndex = 254;
   }
 
-  struct GroupInfoMapStruct {
+  fabric_scoped struct GroupInfoMapStruct {
     group_id groupId = 1;
     endpoint_no endpoints[] = 2;
     optional char_string<16> groupName = 3;