[BlueZ,v5,5/6] input: Automatically use sec level low when using a cable paired device

Message ID	20250424162933.182103-6-ludovico.denittis@collabora.com
State	Superseded
Headers	show Received: from bali.collaboradmins.com (bali.collaboradmins.com [148.251.105.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E38CE28BAB5 for <linux-bluetooth@vger.kernel.org>; Thu, 24 Apr 2025 16:30:11 +0000 (UTC) sender: denittis) by bali.collaboradmins.com (Postfix) with ESMTPSA id 887EE17E36BB; Thu, 24 Apr 2025 18:30:07 +0200 (CEST) From: Ludovico de Nittis <ludovico.denittis@collabora.com> To: linux-bluetooth@vger.kernel.org Cc: Ludovico de Nittis <ludovico.denittis@collabora.com> Subject: [PATCH BlueZ v5 5/6] input: Automatically use sec level low when using a cable paired device Date: Thu, 24 Apr 2025 18:29:32 +0200 Message-ID: <20250424162933.182103-6-ludovico.denittis@collabora.com> In-Reply-To: <20250424162933.182103-1-ludovico.denittis@collabora.com> References: <20250424162933.182103-1-ludovico.denittis@collabora.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Support Sixaxis gamepad with classic bonded only \| expand [BlueZ,v5,0/6] Support Sixaxis gamepad with classic bonded only [BlueZ,v5,1/6] src: Add new CablePairing property [BlueZ,v5,2/6] client: Print CablePairing property [BlueZ,v5,3/6] sixaxis: Set CablePairing when pairing a Sixaxis with USB [BlueZ,v5,4/6] adapter: Add btd_adapter_has_cable_pairing_devices() [BlueZ,v5,5/6] input: Automatically use sec level low when using a cable paired device [BlueZ,v5,6/6] sixaxis: Set security level when adding a sixaxis device

diff --git a/profiles/input/device.c b/profiles/input/device.c index 3627573e7..2fa4e0b82 100644 --- a/profiles/input/device.c +++ b/profiles/input/device.c @@ -47,6 +47,7 @@ #include "device.h" #include "hidp_defs.h" +#include "server.h" #define INPUT_INTERFACE "org.bluez.Input1" @@ -1065,6 +1066,7 @@ static gboolean encrypt_notify(GIOChannel *io, GIOCondition condition, static int hidp_add_connection(struct input_device *idev) { struct hidp_connadd_req *req; + bool cable_pairing; GError *gerr = NULL; int err; @@ -1088,8 +1090,10 @@ static int hidp_add_connection(struct input_device *idev) if (device_name_known(idev->device)) device_get_name(idev->device, req->name, sizeof(req->name)); + cable_pairing = device_is_cable_pairing(idev->device); + /* Make sure the device is bonded if required */ - if (classic_bonded_only && !input_device_bonded(idev)) { + if (!cable_pairing && classic_bonded_only && !input_device_bonded(idev)) { error("Rejected connection from !bonded device %s", idev->path); goto cleanup; } @@ -1098,7 +1102,9 @@ static int hidp_add_connection(struct input_device *idev) /* Some platforms may choose to require encryption for all devices */ /* Note that this only matters for pre 2.1 devices as otherwise the */ /* device is encrypted by default by the lower layers */ - if (classic_bonded_only || idev->type == BT_UHID_KEYBOARD) { + /* Don't enforce encryption for cable paired devices because they */ + /* don't support it */ + if (!cable_pairing && (classic_bonded_only || idev->type == BT_UHID_KEYBOARD)) { if (!bt_io_set(idev->intr_io, &gerr, BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM, BT_IO_OPT_INVALID)) { @@ -1546,6 +1552,16 @@ int input_device_register(struct btd_service *service) btd_service_set_user_data(service, idev); device_set_wake_support(device, true); + if (device_is_cable_pairing(device)) { + struct btd_adapter *adapter = device_get_adapter(device); + const bdaddr_t *adapter_bdaddr = btd_adapter_get_address(adapter); + + DBG("This is a cable paired device, setting the listening input " + "server security level accordingly"); + + server_set_cable_pairing(adapter_bdaddr, true); + } + return 0; } diff --git a/profiles/input/manager.c b/profiles/input/manager.c index d1accc24f..95ca0a7ee 100644 --- a/profiles/input/manager.c +++ b/profiles/input/manager.c @@ -33,7 +33,8 @@ static int hid_server_probe(struct btd_profile *p, struct btd_adapter *adapter) { - return server_start(btd_adapter_get_address(adapter)); + return server_start(btd_adapter_get_address(adapter), + btd_adapter_has_cable_pairing_devices(adapter)); } static void hid_server_remove(struct btd_profile *p, diff --git a/profiles/input/server.c b/profiles/input/server.c index 79cf08a66..3de2282f6 100644 --- a/profiles/input/server.c +++ b/profiles/input/server.c @@ -266,12 +266,23 @@ drop: g_io_channel_shutdown(chan, TRUE, NULL); } -int server_start(const bdaddr_t *src) +static BtIOSecLevel get_necessary_sec_level(bool device_cable_pairing) +{ + /* Use lower security to allow the cable paired devices to connect. */ + /* Unless classic bonded only mode is disabled, the security level */ + /* will be bumped again for non cable paired devices in */ + /* hidp_add_connection() */ + if (device_cable_pairing) + return BT_IO_SEC_LOW; + + return input_get_classic_bonded_only() ? BT_IO_SEC_MEDIUM : BT_IO_SEC_LOW; +} + +int server_start(const bdaddr_t *src, bool device_sixaxis_cable_pairing) { struct input_server *server; GError *err = NULL; - BtIOSecLevel sec_level = input_get_classic_bonded_only() ? - BT_IO_SEC_MEDIUM : BT_IO_SEC_LOW; + const BtIOSecLevel sec_level = get_necessary_sec_level(device_sixaxis_cable_pairing); server = g_new0(struct input_server, 1); bacpy(&server->src, src); @@ -308,6 +319,52 @@ int server_start(const bdaddr_t *src) return 0; } +int server_set_cable_pairing(const bdaddr_t *src, bool device_cable_pairing) +{ + struct input_server *server; + GSList *l; + BtIOSecLevel sec_level; + const BtIOSecLevel new_sec_level = get_necessary_sec_level(device_cable_pairing); + GError *err = NULL; + + l = g_slist_find_custom(servers, src, server_cmp); + if (!l) + return -1; + + server = l->data; + + bt_io_get(server->ctrl, &err, BT_IO_OPT_SEC_LEVEL, &sec_level, + BT_IO_OPT_INVALID); + if (err) { + error("%s", err->message); + g_error_free(err); + return -1; + } + + if (sec_level == new_sec_level) { + DBG("The listening input server is already using the expected security level"); + return -1; + } + + DBG("Applying the new security level to the listening input server"); + + if (!bt_io_set(server->ctrl, &err, BT_IO_OPT_SEC_LEVEL, new_sec_level, + BT_IO_OPT_INVALID)) { + error("bt_io_set(OPT_SEC_LEVEL): %s", err->message); + g_error_free(err); + return -1; + } + + if (!bt_io_set(server->intr, &err, BT_IO_OPT_SEC_LEVEL, new_sec_level, + BT_IO_OPT_INVALID)) { + error("bt_io_set(OPT_SEC_LEVEL): %s", err->message); + g_error_free(err); + return -1; + } + + return 0; +} + void server_stop(const bdaddr_t *src) { struct input_server *server; diff --git a/profiles/input/server.h b/profiles/input/server.h index 50f4b6135..4ad82c10e 100644 --- a/profiles/input/server.h +++ b/profiles/input/server.h @@ -8,5 +8,6 @@ * */ -int server_start(const bdaddr_t *src); +int server_start(const bdaddr_t *src, bool device_cable_pairing); +int server_set_cable_pairing(const bdaddr_t *src, bool device_cable_pairing); void server_stop(const bdaddr_t *src);

[BlueZ,v5,5/6] input: Automatically use sec level low when using a cable paired device

Commit Message

Patch