@@ -7118,6 +7118,11 @@ static gboolean process_auth_queue(gpointer user_data)
if (auth->svc_id > 0)
return FALSE;
+ if (!btd_adapter_is_uuid_allowed(adapter, auth->uuid)) {
+ auth->cb(&err, auth->user_data);
+ goto next;
+ }
+
if (device_is_trusted(device) == TRUE) {
auth->cb(NULL, auth->user_data);
goto next;
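Review bot: The new allow-list rejection in process_auth_queue is silent: unlike the profile.c checks in this patch, nothing is logged when `auth->uuid` is refused, so a denied authorization leaves no trace for anyone auditing or debugging the policy. Consider adding `DBG("UUID %s is not allowed", auth->uuid);` before `auth->cb(&err, auth->user_data);`. A short comment such as `/* Policy check must stay ahead of the trusted-device shortcut below */` would also protect the ordering, since that ordering is what stops a trusted device from bypassing the allow list. The declaration and initialisation of `err` are outside the hunk, so this assumes it already carries the rejection error at this point.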
@@ -1249,6 +1249,11 @@ static void ext_confirm(GIOChannel *io, gpointer user_data)
DBG("incoming connect from %s", addr);
+ if (btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) {
+ info("UUID %s is not allowed. Igoring the connection", uuid);
+ return;
+ }
+
conn = create_conn(server, io, &src, &dst);
if (conn == NULL)
return;
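Review bot: The condition in ext_confirm looks inverted: `if (btd_adapter_is_uuid_allowed(adapter_find(&src), uuid))` drops the connection when the UUID is allowed and lets it proceed when it is not. That contradicts both the log message and the `!btd_adapter_is_uuid_allowed(...)` form used in process_auth_queue. It should read `if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) {`; the same inversion appears in the ext_direct_connect hunk. The result of `adapter_find(&src)` is passed on unchecked, and whether the helper tolerates a NULL adapter is not visible here, so that is worth confirming. The log string also misspells "Ignoring" as `Igoring`.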
@@ -1272,6 +1277,7 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data)
struct ext_profile *ext = server->ext;
GError *gerr = NULL;
struct ext_io *conn;
+ const char *uuid = ext->service ? ext->service : ext->uuid;
bdaddr_t src, dst;
bt_io_get(io, &gerr,
@@ -1285,6 +1291,12 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data)
return;
}
+ if (btd_adapter_is_uuid_allowed(adapter_find(&src), ext->uuid)) {
+ info("UUID %s is not allowed. Igoring the connection",
+ ext->uuid);
+ return;
+ }
+
conn = create_conn(server, io, &src, &dst);
if (conn == NULL)
return;
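Review bot: This check in ext_direct_connect tests and logs `ext->uuid`, while the previous hunk adds `const char *uuid = ext->service ? ext->service : ext->uuid;`, which no visible line uses. When a profile sets `ext->service`, the policy decision is then made on a different UUID from the one the new local selects, so the allow list may be applied inconsistently between the confirm and direct-connect paths. The `uuid` used in ext_confirm is defined outside that hunk, so that it is derived the same way is an assumption. Use the local in both places, with the negation that the ext_confirm hunk also needs: `if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) {` and `info("UUID %s is not allowed. Ignoring the connection", uuid);`. The function body continues outside the hunk.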
From: Yun-Hao Chung <howardchung@chromium.org> This ensures any incoming profile connection will be blocked if its UUID is not allowed, under the following assumptions: 1. Each system profile asks for adapter authorization when seeing an incoming connection. 2. Each external profile checks if its UUID is allowed by the adapter when seeing an incoming connection. --- The following test steps were performed after enabling admin_policy plugin: 1. Set ServiceAllowList to ["1234"]. 2. Turn on a paired classic keyboard. Verify it can not be connected. 3. Set ServiceAllowList to ["1800","1801","180A","180F","1812"] 4. Turn off and turn on the keyboard. Verify it can be connected. (no changes since v1) src/adapter.c | 5 +++++ src/profile.c | 12 ++++++++++++ 2 files changed, 17 insertions(+)