From patchwork Tue Aug 3 08:22:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491056 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 489BBC432BE for ; Tue, 3 Aug 2021 08:23:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2F45A60F70 for ; Tue, 3 Aug 2021 08:23:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234551AbhHCIXS (ORCPT ); Tue, 3 Aug 2021 04:23:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51864 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234440AbhHCIXR (ORCPT ); Tue, 3 Aug 2021 04:23:17 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0E35CC06175F for ; Tue, 3 Aug 2021 01:23:07 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id v71-20020a252f4a0000b029055b51419c7dso22025506ybv.23 for ; Tue, 03 Aug 2021 01:23:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=QmVlcdOw8a6YgvvWT/ZlzFfrtL+D2xy3XVjOy/2Tpl4=; b=mFTl+IXac+Ow+APOOQu0eP+vOE1cKDRLu7Hdsc6gEmSHirGkcpjC5XeAvMVzKnDOHT SbrA10nG07AxpCvKndcxFW+gBmtoxdfSFpvyqB4LvUBMpygcs0ipp1o3lb9Xt+0v6+l3 7aZvjln6r5H0MNWXjHoW3vURJ0ZsMLcE0bjrDolhjhtVJgLaWV4mOrjPHsjrFv2wXUyB bOUTMneRt8GEFzv3Jhcd3E4eeMVdWVW/QpWZgvLFOXGmIozzccsd2/A1nsjL7xcZdwXO HfD2Lj+BkiFZUZZUupgAqg3cWdMQLO2zNfO5/yAHknOQQngJII4+thqfI2aOwFGv76+w hStg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=QmVlcdOw8a6YgvvWT/ZlzFfrtL+D2xy3XVjOy/2Tpl4=; b=ON29ziKMPB0KFKD9G5t+A3kfiMA2Ks9Qq5IX/IfWTLGgIgtucrP5gcELYWPhqHVHwy bfkKKu0T7RfmC0cpNd22qINPGh2mZ4f5TbsNfQIjT5S+ZwwtvFZ7iQl7EWbpROJzI3xX qp3rLtppbnxNO/WmMLoR9PzeYAWW1WHbq0acFBORuaNcowCcewft9cyNFl2rqZGUqYlC ZH8jtuNhHTh6I9frDpTuakIfCwm8aHP4H5TouYulrtJGqL++CJ7xmcRd41U1B2g5HwqC JJU1g5MrL/nZPVc25LTQsT0zziifWUykij5ePfp1DAd+xHXUbr452269ZncfzW1C24FU xohg== X-Gm-Message-State: AOAM531AsxqjMUs079+fomSyTKIQeWeFZAehqsqabunKzBdgn4wdyRtO 7LCaTGTuO7aEoeR9DNC1qbwVISzdwPXqjWBjBxdJMc8uFH/8DqQ1pxxhb+eW+YUYThY9no3O4ae sd2Z05AKq+Gt/rc+XoI7sFqdOcDQ+VEpeGycv39RGe7QLLMBlw2p92qb+ef/IA7KmnavNHtSWiJ WJbu0kcPOFqqI= X-Google-Smtp-Source: ABdhPJxoZysNgWIK5Tw0yYk/AVVwin+6agGEfXckC7IRQ4fqn8xKnG+zGN16UB+qAW6LbxLjf+b0kDDfPL8SlLYfaw== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a25:d642:: with SMTP id n63mr27799516ybg.165.1627978986205; Tue, 03 Aug 2021 01:23:06 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:25 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.1.Ic71b1ed97538a06d02425ba502690bdab1c5d836@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 01/13] core: add is_allowed property in btd_service From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds is_allowed property in btd_service. When is_allowed is set to false, calling btd_service_connect and service_accept will fail and the existing service connection gets disconnected. Reviewed-by: Miao-chen Chou --- Changes in v8: - Remove changes in profiles/health/ Changes in v7: - Fix compiler errors in profiles/hdp.c Changes in v6: - include instead of in plugins/admin.c Changes in v5: - Fix compiler errors in plugins/admin.c Changes in v4: - Update commit message (admin_policy -> admin) - remove old plugins/admin_policy.c Changes in v3: - Rename plugins/admin_policy.c -> plugins/admin.c - Use device_added callback in btd_adapter_driver instead of listen for dbus - Add authorization method in profiles/health/mcap.c and block incoming connections in adapter authorization function. Changes in v2: - Move bt_uuid_hash and bt_uuid_equal functions to adapter.c. - Modify the criteria to say a device is `Affected` from any-of-uuid to any-of-auto-connect-profile. - Remove the code to remove/reprobe disallowed/allowed profiles, instead, check if the service is allowed in bt_io_accept connect_cb. - Fix a typo in emit_property_change in plugin/admin_policy.c:set_service_allowlist - Instead of using device_state_cb, utilize D-BUS client to watch device added/removed. - Add a document in doc/ src/service.c | 33 +++++++++++++++++++++++++++++++++ src/service.h | 2 ++ 2 files changed, 35 insertions(+) diff --git a/src/service.c b/src/service.c index 21a52762e637..84fbb208a7e9 100644 --- a/src/service.c +++ b/src/service.c @@ -41,6 +41,7 @@ struct btd_service { void *user_data; btd_service_state_t state; int err; + bool is_allowed; }; struct service_state_callback { @@ -133,6 +134,7 @@ struct btd_service *service_create(struct btd_device *device, service->device = device; /* Weak ref */ service->profile = profile; service->state = BTD_SERVICE_STATE_UNAVAILABLE; + service->is_allowed = true; return service; } @@ -186,6 +188,12 @@ int service_accept(struct btd_service *service) if (!service->profile->accept) return -ENOSYS; + if (!service->is_allowed) { + info("service %s is not allowed", + service->profile->remote_uuid); + return -ECONNABORTED; + } + err = service->profile->accept(service); if (!err) goto done; @@ -245,6 +253,12 @@ int btd_service_connect(struct btd_service *service) return -EBUSY; } + if (!service->is_allowed) { + info("service %s is not allowed", + service->profile->remote_uuid); + return -ECONNABORTED; + } + err = profile->connect(service); if (err == 0) { change_state(service, BTD_SERVICE_STATE_CONNECTING, 0); @@ -361,6 +375,25 @@ bool btd_service_remove_state_cb(unsigned int id) return false; } +void btd_service_set_allowed(struct btd_service *service, bool allowed) +{ + if (allowed == service->is_allowed) + return; + + service->is_allowed = allowed; + + if (!allowed && (service->state == BTD_SERVICE_STATE_CONNECTING || + service->state == BTD_SERVICE_STATE_CONNECTED)) { + btd_service_disconnect(service); + return; + } +} + +bool btd_service_is_allowed(struct btd_service *service) +{ + return service->is_allowed; +} + void btd_service_connecting_complete(struct btd_service *service, int err) { if (service->state != BTD_SERVICE_STATE_DISCONNECTED && diff --git a/src/service.h b/src/service.h index 88530cc17d53..5a2a02447b24 100644 --- a/src/service.h +++ b/src/service.h @@ -51,6 +51,8 @@ int btd_service_get_error(const struct btd_service *service); unsigned int btd_service_add_state_cb(btd_service_state_cb cb, void *user_data); bool btd_service_remove_state_cb(unsigned int id); +void btd_service_set_allowed(struct btd_service *service, bool allowed); +bool btd_service_is_allowed(struct btd_service *service); /* Functions used by profile implementation */ void btd_service_connecting_complete(struct btd_service *service, int err); From patchwork Tue Aug 3 08:22:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491055 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-21.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5211DC4338F for ; Tue, 3 Aug 2021 08:23:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 33D8960F48 for ; Tue, 3 Aug 2021 08:23:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234573AbhHCIXX (ORCPT ); Tue, 3 Aug 2021 04:23:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51884 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234431AbhHCIXV (ORCPT ); Tue, 3 Aug 2021 04:23:21 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EB45EC06175F for ; Tue, 3 Aug 2021 01:23:10 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id o3-20020a2541030000b0290557cf3415f8so22375317yba.1 for ; Tue, 03 Aug 2021 01:23:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=XHXE8tST2KAQQjyYal7fEzKR0v9qY2Nnj5RhbnRLk/k=; b=ioIbwvPxhquZhzFC9X74wAjE/5+jUpuXnrcwWBrGmqRQmO4Sjoqp+vwrRPssHcG/Te KyZI2uZX5tbEYHf2bAzaIPKpMTMWVzqt+1SvLDCV52oh8MJcf+vOkRGq0l/6k4Rhv6Xb jy2I3tbRmxdPYOx3iGJz8eXLfa4LLK1LBOJebLf17ZkjDBuxJPlHCDHb2HT5fffBjcx8 1ZY1+YLQWzgIPIGjTXiWvOUNCyHp879LcQYMbXfsnO4Zmyc62go5xI8tG8Hu9aK/pGVl TzxJ43zeU4La3JxcK/3AYLb5r/vt+Ha6WdoLNXaJ6/TXH1ZoMytRtqoDWJd4mhCfZF3P sTfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=XHXE8tST2KAQQjyYal7fEzKR0v9qY2Nnj5RhbnRLk/k=; b=dbiUQSFWnS3PnX/q3BuUUmLkk+gc4fZ8tN0hQIdUNgJaiHBQHNJX14hW6qkIpZ2ltt FEX7cPdezB8EQQwjqQjJIO20Fy1OodsdPdZtmuKlWgsxBda+xSynfx9DUeQKTX9uDbJW YkOzlhats3zy0wYppe2C9lVv8xFUvKFmsYs+TGv+8JUcU93gfFnyOPe4tKUKKiRzQlxD 6zq0hB9pBdGa9/uQVq882ZnT86MbbZKXldpuLiIO1Pllt1HRt3McL5Rr9McLkt293M6K aFqSRrkXrzaynjacdubw2xO2vX8ZDhj4OVluOZOYbeNFxP3eRKePwyDmvuw6UBS7hzrC zxIw== X-Gm-Message-State: AOAM531wSGrI3yW8chW2PxozrODuLxBRsdkUHniYvFr9J7O9NLsn2OXx RXZdDphrIqGhc6coS9gSFNKjgi56FIEY3fx89tFdRzhBjaABg7eaPJPpSVUVFk+vVN/X2iBVEt1 C8rxWue5Tq17eTlyTY4wRHrHNI1QM8PpvbIjw/2zSQYrmOpkbU2xVnQK1IMj65FDrTpxIRDndyd BF98fgQJSWO5k= X-Google-Smtp-Source: ABdhPJw/J6SWbt/L+OexIXfWJf0mPsl/PNkiOaGGM6+0tZvUaX151iFTr4Jy2b1PTnUyjrRXdRS5KwFgpWqwsep7EQ== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a25:ba83:: with SMTP id s3mr25579456ybg.450.1627978990189; Tue, 03 Aug 2021 01:23:10 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:26 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.2.Iee308dd18bfdfd3dae9e343e78b3942ee462314f@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 02/13] core: add device callbacks to adapter driver From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds the following callbacks to btd_adapter_driver. device_added: called when a device is added to the adapter device_removed: called when a device is removed from the adapter device_resolved: called when all services of the device have been resolved. --- Changes in v8: - Add device_resolved. - Remove space before function pointer arguments. src/adapter.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++---- src/adapter.h | 14 +++++++--- src/device.c | 2 ++ 3 files changed, 82 insertions(+), 8 deletions(-) diff --git a/src/adapter.c b/src/adapter.c index 663b778e4a5d..5a20f4c6239e 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -1216,6 +1216,9 @@ void adapter_service_remove(struct btd_adapter *adapter, uint32_t handle) remove_record_from_server(rec->handle); } +static void adapter_add_device(struct btd_adapter *adapter, + struct btd_device *device); + static struct btd_device *adapter_create_device(struct btd_adapter *adapter, const bdaddr_t *bdaddr, uint8_t bdaddr_type) @@ -1226,8 +1229,7 @@ static struct btd_device *adapter_create_device(struct btd_adapter *adapter, if (!device) return NULL; - adapter->devices = g_slist_append(adapter->devices, device); - + adapter_add_device(adapter, device); return device; } @@ -1254,6 +1256,9 @@ static void service_auth_cancel(struct service_auth *auth) g_free(auth); } +static void adapter_remove_device(struct btd_adapter *adapter, + struct btd_device *device); + void btd_adapter_remove_device(struct btd_adapter *adapter, struct btd_device *dev) { @@ -1261,7 +1266,7 @@ void btd_adapter_remove_device(struct btd_adapter *adapter, adapter->connect_list = g_slist_remove(adapter->connect_list, dev); - adapter->devices = g_slist_remove(adapter->devices, dev); + adapter_remove_device(adapter, dev); btd_adv_monitor_device_remove(adapter->adv_monitor_manager, dev); adapter->discovery_found = g_slist_remove(adapter->discovery_found, @@ -4222,6 +4227,7 @@ static void probe_devices(void *user_data) struct btd_device *device = user_data; device_probe_profiles(device, btd_device_get_uuids(device)); + device_resolved_drivers(device_get_adapter(device), device); } static bool load_bredr_defaults(struct btd_adapter *adapter, @@ -4576,7 +4582,7 @@ static void load_devices(struct btd_adapter *adapter) goto free; btd_device_set_temporary(device, false); - adapter->devices = g_slist_append(adapter->devices, device); + adapter_add_device(adapter, device); /* TODO: register services from pre-loaded list of primaries */ @@ -4738,6 +4744,62 @@ void adapter_remove_profile(struct btd_adapter *adapter, gpointer p) profile->adapter_remove(profile, adapter); } +static void device_added_drivers(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct btd_adapter_driver *driver; + GSList *l; + + for (l = adapter_drivers; l; l = l->next) { + driver = l->data; + + if (driver->device_added) + driver->device_added(adapter, device); + } +} + +static void device_removed_drivers(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct btd_adapter_driver *driver; + GSList *l; + + for (l = adapter_drivers; l; l = l->next) { + driver = l->data; + + if (driver->device_removed) + driver->device_removed(adapter, device); + } +} + +void device_resolved_drivers(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct btd_adapter_driver *driver; + GSList *l; + + for (l = adapter_drivers; l; l = l->next) { + driver = l->data; + + if (driver->device_resolved) + driver->device_resolved(adapter, device); + } +} + +static void adapter_add_device(struct btd_adapter *adapter, + struct btd_device *device) +{ + adapter->devices = g_slist_append(adapter->devices, device); + device_added_drivers(adapter, device); +} + +static void adapter_remove_device(struct btd_adapter *adapter, + struct btd_device *device) +{ + adapter->devices = g_slist_remove(adapter->devices, device); + device_removed_drivers(adapter, device); +} + static void adapter_add_connection(struct btd_adapter *adapter, struct btd_device *device, uint8_t bdaddr_type) @@ -6355,8 +6417,10 @@ static void adapter_remove(struct btd_adapter *adapter) g_slist_free(adapter->connect_list); adapter->connect_list = NULL; - for (l = adapter->devices; l; l = l->next) + for (l = adapter->devices; l; l = l->next) { + device_removed_drivers(adapter, l->data); device_remove(l->data, FALSE); + } g_slist_free(adapter->devices); adapter->devices = NULL; diff --git a/src/adapter.h b/src/adapter.h index 60b5e3bcca34..3d69aeda14fb 100644 --- a/src/adapter.h +++ b/src/adapter.h @@ -105,11 +105,19 @@ void btd_adapter_set_class(struct btd_adapter *adapter, uint8_t major, struct btd_adapter_driver { const char *name; - int (*probe) (struct btd_adapter *adapter); - void (*remove) (struct btd_adapter *adapter); - void (*resume) (struct btd_adapter *adapter); + int (*probe)(struct btd_adapter *adapter); + void (*remove)(struct btd_adapter *adapter); + void (*resume)(struct btd_adapter *adapter); + void (*device_added)(struct btd_adapter *adapter, + struct btd_device *device); + void (*device_removed)(struct btd_adapter *adapter, + struct btd_device *device); + void (*device_resolved)(struct btd_adapter *adapter, + struct btd_device *device); }; +void device_resolved_drivers(struct btd_adapter *adapter, + struct btd_device *device); typedef void (*service_auth_cb) (DBusError *derr, void *user_data); void adapter_add_profile(struct btd_adapter *adapter, gpointer p); diff --git a/src/device.c b/src/device.c index b29aa195d19b..49dd57166532 100644 --- a/src/device.c +++ b/src/device.c @@ -2633,6 +2633,8 @@ static void device_svc_resolved(struct btd_device *dev, uint8_t browse_type, dev->svc_callbacks); g_free(cb); } + + device_resolved_drivers(dev->adapter, dev); } static struct bonding_req *bonding_request_new(DBusMessage *msg, From patchwork Tue Aug 3 08:22:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491803 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B118BC432BE for ; Tue, 3 Aug 2021 08:23:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9B0E660F70 for ; Tue, 3 Aug 2021 08:23:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234384AbhHCIX0 (ORCPT ); Tue, 3 Aug 2021 04:23:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51900 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234440AbhHCIXZ (ORCPT ); Tue, 3 Aug 2021 04:23:25 -0400 Received: from mail-qt1-x849.google.com (mail-qt1-x849.google.com [IPv6:2607:f8b0:4864:20::849]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AB47EC06175F for ; Tue, 3 Aug 2021 01:23:14 -0700 (PDT) Received: by mail-qt1-x849.google.com with SMTP id s14-20020ac8528e0000b029025f76cabdfcso12540580qtn.15 for ; Tue, 03 Aug 2021 01:23:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=qSw+bxsSECiUZfo9fAo/8Atu8cP/qkm1rNS09cA6DPA=; b=mnVKVIfN7yLls2OXcUPob2kjrm5xQIZvTG4IOyk6FFzGWsN32+18w1Tfhc91LjELoY WDVcaPP7kLxRKxcgHcq0Tm4n89B2udauoEYj7VljMOI1duX1Hr/gZrv6AUbXWMspQmPA 28yPTrudsDcIHtAK8eAFvdtLrEAoevrRHh05sfMJvCcQ4Op1k9l1KcX1ZEFme5IWlMZ/ eLknoOYfgqocNL+B0FBsgtchqpHFxjFSQ5xnc6m6LCYfR2Qqn8CnLvoGekyzyItENAx+ ypoUu9gIVKCl4M3BnVRtfNsjPALWX2zA/yCVVQCXTYcE/3q1Bz1SzySvAUsN6iwPNfv9 Kyvw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=qSw+bxsSECiUZfo9fAo/8Atu8cP/qkm1rNS09cA6DPA=; b=pcMvVsJfS7Cf/yiZmwOhVOsVl+WBDK08vuYnNwNzXGn+6eQg2E9W0k7wgck66Jw/iz DMOewvIZjskOvE+5CsCg0sGY3EfS+j96GaLsCrF9o9MNuVUeC/evxLYJjPAhJkmDUkKl QHUGBnQPYfuS7VExzB0voEoX+M76Dun9jB8I3/5xAf5NJb1aXZflmzHCrs45mp/gUuXa CvZ0kk5Qgr3/NF1tBl6+vXpOAhqb87+DWlwYi1cD++JBCPN1ZiRYU1M9DFQ+bO188De4 V2sUvzJytZqEgAyX2oxyeIogUT8UijjS0kafRgwznQlCAj4ihnMY15M0zEdZgY255Rl1 SUWw== X-Gm-Message-State: AOAM531UTNpsPPcN9mVSu5dG612oQKnn/bRqY+1ny5oX7kPBBaHPanJx sxWKNTZw3uB6zDs1h+UAbk6THbpCUM2PhUHHNhEfUPBBX8gDMAdjqfTk1ZyiD4LnXN20MOtZobS 3pc+CGS5ZpukBcilab1ysIUxMLEHmezUL7v5j54oKjHgZJeIO0Lt6jvziIPwIaBRGEJnqikqgLT lfpq69rbfPg50= X-Google-Smtp-Source: ABdhPJx3/IL1KMhOaCAunQIsjff1jMh+SgoNs4X4+ANa7SCpPNcnk+m5p1GGEG51XIYxxEEn2NxttaeXOYFO8knJ9A== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a05:6214:1021:: with SMTP id k1mr20496588qvr.4.1627978993734; Tue, 03 Aug 2021 01:23:13 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:27 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.3.Ibc0b5f02cb249f9aca9efe45e2dadc5e50b7d89e@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 03/13] core: add adapter and device allowed_uuid functions From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This implements functions in src/adapter.c and src/device.c for plugins setting a list of allowed services. Reviewed-by: Miao-chen Chou --- (no changes since v1) src/adapter.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/adapter.h | 8 +++++ src/device.c | 63 +++++++++++++++++++++++++++++++++++- src/device.h | 2 ++ 4 files changed, 162 insertions(+), 1 deletion(-) diff --git a/src/adapter.c b/src/adapter.c index 5a20f4c6239e..0ca4b4f6ff56 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -260,6 +260,8 @@ struct btd_adapter { struct btd_battery_provider_manager *battery_provider_manager; + GHashTable *allowed_uuid_set; /* Set of allowed service UUIDs */ + gboolean initialized; GSList *pin_callbacks; @@ -3494,6 +3496,93 @@ static DBusMessage *connect_device(DBusConnection *conn, return NULL; } +static void update_device_allowed_services(void *data, void *user_data) +{ + struct btd_device *device = data; + + btd_device_update_allowed_services(device); +} + +static void add_uuid_to_uuid_set(void *data, void *user_data) +{ + bt_uuid_t *uuid = data; + GHashTable *uuid_set = user_data; + + if (!uuid) { + error("Found NULL in UUID allowed list"); + return; + } + + g_hash_table_add(uuid_set, uuid); +} + +static guint bt_uuid_hash(gconstpointer key) +{ + const bt_uuid_t *uuid = key; + bt_uuid_t uuid_128; + uint64_t *val; + + if (!uuid) + return 0; + + bt_uuid_to_uuid128(uuid, &uuid_128); + val = (uint64_t *)&uuid_128.value.u128; + + return g_int64_hash(val) ^ g_int64_hash(val+1); +} + +static gboolean bt_uuid_equal(gconstpointer v1, gconstpointer v2) +{ + const bt_uuid_t *uuid1 = v1; + const bt_uuid_t *uuid2 = v2; + + if (!uuid1 || !uuid2) + return !uuid1 && !uuid2; + + return bt_uuid_cmp(uuid1, uuid2) == 0; +} + +bool btd_adapter_set_allowed_uuids(struct btd_adapter *adapter, + struct queue *uuids) +{ + if (!adapter) + return false; + + if (adapter->allowed_uuid_set) + g_hash_table_destroy(adapter->allowed_uuid_set); + + adapter->allowed_uuid_set = g_hash_table_new(bt_uuid_hash, + bt_uuid_equal); + if (!adapter->allowed_uuid_set) { + btd_error(adapter->dev_id, + "Failed to allocate allowed_uuid_set"); + return false; + } + + queue_foreach(uuids, add_uuid_to_uuid_set, adapter->allowed_uuid_set); + g_slist_foreach(adapter->devices, update_device_allowed_services, NULL); + + return true; +} + +bool btd_adapter_is_uuid_allowed(struct btd_adapter *adapter, + const char *uuid_str) +{ + bt_uuid_t uuid; + + if (!adapter || !adapter->allowed_uuid_set) + return true; + + if (bt_string_to_uuid(&uuid, uuid_str)) { + btd_error(adapter->dev_id, + "Failed to parse UUID string '%s'", uuid_str); + return false; + } + + return !g_hash_table_size(adapter->allowed_uuid_set) || + g_hash_table_contains(adapter->allowed_uuid_set, &uuid); +} + static const GDBusMethodTable adapter_methods[] = { { GDBUS_ASYNC_METHOD("StartDiscovery", NULL, NULL, start_discovery) }, { GDBUS_METHOD("SetDiscoveryFilter", @@ -5466,6 +5555,7 @@ static void adapter_free(gpointer user_data) g_free(adapter->stored_alias); g_free(adapter->current_alias); free(adapter->modalias); + g_hash_table_destroy(adapter->allowed_uuid_set); g_free(adapter); } diff --git a/src/adapter.h b/src/adapter.h index 3d69aeda14fb..35fa9fc5fd1f 100644 --- a/src/adapter.h +++ b/src/adapter.h @@ -25,6 +25,7 @@ struct btd_adapter; struct btd_device; +struct queue; struct btd_adapter *btd_adapter_get_default(void); bool btd_adapter_is_default(struct btd_adapter *adapter); @@ -97,6 +98,8 @@ void adapter_service_remove(struct btd_adapter *adapter, uint32_t handle); struct agent *adapter_get_agent(struct btd_adapter *adapter); +bool btd_adapter_uuid_is_allowed(struct btd_adapter *adapter, const char *uuid); + struct btd_adapter *btd_adapter_ref(struct btd_adapter *adapter); void btd_adapter_unref(struct btd_adapter *adapter); @@ -248,3 +251,8 @@ enum kernel_features { }; bool btd_has_kernel_features(uint32_t feature); + +bool btd_adapter_set_allowed_uuids(struct btd_adapter *adapter, + struct queue *uuids); +bool btd_adapter_is_uuid_allowed(struct btd_adapter *adapter, + const char *uuid_str); diff --git a/src/device.c b/src/device.c index 49dd57166532..8071068123f2 100644 --- a/src/device.c +++ b/src/device.c @@ -1929,6 +1929,56 @@ static int service_prio_cmp(gconstpointer a, gconstpointer b) return p2->priority - p1->priority; } +bool btd_device_all_services_allowed(struct btd_device *dev) +{ + GSList *l; + struct btd_adapter *adapter = dev->adapter; + struct btd_service *service; + struct btd_profile *profile; + + for (l = dev->services; l != NULL; l = g_slist_next(l)) { + service = l->data; + profile = btd_service_get_profile(service); + + if (!profile || !profile->auto_connect) + continue; + + if (!btd_adapter_is_uuid_allowed(adapter, profile->remote_uuid)) + return false; + } + + return true; +} + +void btd_device_update_allowed_services(struct btd_device *dev) +{ + struct btd_adapter *adapter = dev->adapter; + struct btd_service *service; + struct btd_profile *profile; + GSList *l; + bool is_allowed; + char addr[18]; + + /* If service discovery is ongoing, let the service discovery complete + * callback call this function. + */ + if (dev->browse) { + ba2str(&dev->bdaddr, addr); + DBG("service discovery of %s is ongoing. Skip updating allowed " + "services", addr); + return; + } + + for (l = dev->services; l != NULL; l = g_slist_next(l)) { + service = l->data; + profile = btd_service_get_profile(service); + + is_allowed = btd_adapter_is_uuid_allowed(adapter, + profile->remote_uuid); + btd_service_set_allowed(service, is_allowed); + } +} + static GSList *create_pending_list(struct btd_device *dev, const char *uuid) { struct btd_service *service; @@ -1937,9 +1987,14 @@ static GSList *create_pending_list(struct btd_device *dev, const char *uuid) if (uuid) { service = find_connectable_service(dev, uuid); - if (service) + + if (!service) + return dev->pending; + + if (btd_service_is_allowed(service)) return g_slist_prepend(dev->pending, service); + info("service %s is blocked", uuid); return dev->pending; } @@ -1950,6 +2005,11 @@ static GSList *create_pending_list(struct btd_device *dev, const char *uuid) if (!p->auto_connect) continue; + if (!btd_service_is_allowed(service)) { + info("service %s is blocked", p->remote_uuid); + continue; + } + if (g_slist_find(dev->pending, service)) continue; @@ -2634,6 +2694,7 @@ static void device_svc_resolved(struct btd_device *dev, uint8_t browse_type, g_free(cb); } + btd_device_update_allowed_services(dev); device_resolved_drivers(dev->adapter, dev); } diff --git a/src/device.h b/src/device.h index 4ae9abe0dbb4..5f615cb4b6b2 100644 --- a/src/device.h +++ b/src/device.h @@ -175,5 +175,7 @@ uint32_t btd_device_get_current_flags(struct btd_device *dev); void btd_device_flags_changed(struct btd_device *dev, uint32_t supported_flags, uint32_t current_flags); +bool btd_device_all_services_allowed(struct btd_device *dev); +void btd_device_update_allowed_services(struct btd_device *dev); void btd_device_init(void); void btd_device_cleanup(void); From patchwork Tue Aug 3 08:22:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491054 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-21.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ACEA0C4338F for ; Tue, 3 Aug 2021 08:23:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9621960F70 for ; Tue, 3 Aug 2021 08:23:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234578AbhHCIX3 (ORCPT ); Tue, 3 Aug 2021 04:23:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51920 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234440AbhHCIX3 (ORCPT ); Tue, 3 Aug 2021 04:23:29 -0400 Received: from mail-qv1-xf49.google.com (mail-qv1-xf49.google.com [IPv6:2607:f8b0:4864:20::f49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 58338C06175F for ; Tue, 3 Aug 2021 01:23:18 -0700 (PDT) Received: by mail-qv1-xf49.google.com with SMTP id v15-20020a0ccd8f0000b0290335f005a486so16732010qvm.22 for ; Tue, 03 Aug 2021 01:23:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=b/tp9qPc1ZnMdrHLzMJAUnrnMira869jxfHG/TPZ/u8=; b=eX5g7CI39Yw9dOOJQ4DBbU5Y7XVHQmIo9DdetNyjg92hvJoDBF5ZafnJEERW/TPsEt 0fBEY328lttlok2KW/B2bMXBpiGJFWE59oZ4oqPIxpHGBAvyt3WkaPidTrYHZq5RHpEs lde9UwqFsCL7gDrx3HePTFWGZlSK+MUpA0EWzoabVsf3yHdYlDQhPalLqZPun1d/0OJg R1FAw9bUhQgN4m6fHWFujH62pVauHj2TbF/SN7p5735UQcQZeaU5W+jYoH7FWD4bNqN6 msU+1R6ZPUiv8xibeqprexvU9wAp9b+8lLCRUd8Fcin9QZzZrHYOof6/vO8pQhCtW8HI pKpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=b/tp9qPc1ZnMdrHLzMJAUnrnMira869jxfHG/TPZ/u8=; b=YowYXpuQ7umHL2BFWENXnn9/7BKQ8oygMuZnbG0k63ON/gRWrEzo/kD7OsUJ7pOMoe gb6cR+p1fh1/5FUogzUmc5ly9cvAnYTBjvXJT09gmoME7+VcYSSyQC/2DshhdlJt7E+A B+hdWKHOsVJxQAbN8UsPb0uio5EqPDKd69bX109598zbXxBskmSqNgshMzBG89d1n5sY B8REaiydb1qE4W52m/s+pdHo6zxtEWwfrnJY4d6tmvJmyNwsemRaAhp9AZT9ItruNAX2 VGATspDinoGET+G0Mi4KsrXeNN2rMokCZ5Asmb+I8IOYm4yCCxRXX8z38JC/CDjpRwPE NVmg== X-Gm-Message-State: AOAM530PjS8jdcx+dAo9pJohFzXPYpgWwJNccZpFnQt/P+LncZO2MkmR hmq90arzvO7tvWXbYhM4bmhsaVIVvBt89yAEQ6h2X1YzgU7O0TNWSb0qHyjXil8BiWjJk1Jm4an IGJxwrGXhe5LdQQ4gOALi1mLf4j/H1GWLIlcCMkhza9SLaUgQA12Ryq7r3EwF6u+2cM9NP5AbQV ZFLaMquKf4zs8= X-Google-Smtp-Source: ABdhPJzhQFPshVIQXq4fgs7L5cEL6i1vX/TWl28nnrspMONtjI4r+8IXcH8VWF8jw0aTHLLCU+vXTHhvwgPbBQzSeQ== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a05:6214:1bcf:: with SMTP id m15mr11584530qvc.62.1627978997338; Tue, 03 Aug 2021 01:23:17 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:28 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.4.Ia4dc489979e4bf7ffa3421199b1b9fd8d7f00bbc@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 04/13] core: block not allowed UUID connect in auth From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This ensures any incoming profile connection will be blocked if its UUID is not allowed by the following assumption: 1. Each system profile asks adapter authorization when seeing a incoming connection. 2. Each external profile checks if its UUID is allowed by adapter when seeing a incoming connection. --- The following test steps were performed after enabling admin plugin: 1. Set ServiceAllowList to ["1234"]. 2. Turn on a paired classic keyboard. Verify it can not be connected. 3. Set ServiceAllowList to ["1800","1801","180A","180F","1812"] 4. Turn off and turn on the keyboard. Verift it can be connected. (no changes since v1) src/adapter.c | 5 +++++ src/profile.c | 11 +++++++++++ 2 files changed, 16 insertions(+) diff --git a/src/adapter.c b/src/adapter.c index 0ca4b4f6ff56..3c2008285fbd 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -7182,6 +7182,11 @@ static gboolean process_auth_queue(gpointer user_data) if (auth->svc_id > 0) return FALSE; + if (!btd_adapter_is_uuid_allowed(adapter, auth->uuid)) { + auth->cb(&err, auth->user_data); + goto next; + } + if (device_is_trusted(device) == TRUE) { auth->cb(NULL, auth->user_data); goto next; diff --git a/src/profile.c b/src/profile.c index 60d17b6ae657..e1bebf1ee19c 100644 --- a/src/profile.c +++ b/src/profile.c @@ -1249,6 +1249,11 @@ static void ext_confirm(GIOChannel *io, gpointer user_data) DBG("incoming connect from %s", addr); + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) { + info("UUID %s is not allowed. Igoring the connection", uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return; @@ -1272,6 +1277,7 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) struct ext_profile *ext = server->ext; GError *gerr = NULL; struct ext_io *conn; + const char *uuid = ext->service ? ext->service : ext->uuid; bdaddr_t src, dst; bt_io_get(io, &gerr, @@ -1285,6 +1291,11 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) return; } + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) { + info("UUID %s is not allowed. Igoring the connection", uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return; From patchwork Tue Aug 3 08:22:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491802 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F564C4338F for ; Tue, 3 Aug 2021 08:23:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5279360F70 for ; Tue, 3 Aug 2021 08:23:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234585AbhHCIXe (ORCPT ); Tue, 3 Aug 2021 04:23:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51938 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234440AbhHCIXc (ORCPT ); Tue, 3 Aug 2021 04:23:32 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E8D0DC06175F for ; Tue, 3 Aug 2021 01:23:21 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id t101-20020a25aaee0000b0290578c0c455b2so21971224ybi.13 for ; Tue, 03 Aug 2021 01:23:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=mDdEFCjpHD/uWglCa7g2e7wWzLT0QoSSZnVpKWZCPo4=; b=XwmmyjYyzNS1bqmWrMHXF12gPmfT9YMWoDYpD3xW5E3OoxfUCjG93+/AqVvzxsPObo JDeiSpnZoJMEUPjrxbJBa3pP5GDDKTbRXJC+sWDuRjUJix64iUxW7El/5ZsUeWvt1HA+ elUPF+Fcc71GYuH85IXs9q1091twoESLucztn6wFvh6vmYwltErznM8v/dBs3V6gL9jt YAxasV7pp7gM82B/XC2iopjvm7U4NJ8omtclKi+7laXn3SaxUiYkLEkQf9ch8zdmLXFF 4jdwn2OSZf0wSDD5hjwTrcrau72w92PMmZ9VaPLWcO/liQyRuDZ9ntOSE1iQu2TVwE0m 7rZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=mDdEFCjpHD/uWglCa7g2e7wWzLT0QoSSZnVpKWZCPo4=; b=FHdGgY0EgHgpJ7R+iz18ZAGETQOWQOVzTwRACU1zxfi253Pl7l1bhsQ02II7xsoLiI ZLCocpI0lDVsshQtX1dpLIPwt5tgJUeEmXdVBeruMQKuaRvjlsq8ljHeGFQksMmKpTkA A0o0PxTLzifXmR14nINzdpmFVS9gIk1IQHpKwN/CFOafLUiHovfxwVIMO9L4/lJD3wdn 1B356twKTRcuNWAgq2elehiiTd1hkTWlIEcw9zk96buwnuSJ6I9UDY0/D/9A87lluai8 dyD394BflqyJtIfX0qF3HAkrI4LlnHyeNvplYu2E3RQhx3wBiO2KCGRtV2EOB8PsuwwA eEyQ== X-Gm-Message-State: AOAM531MReLRMhB00GkXiYLgqeae4s11mjBKoQ5YTlE4U8TCuS6sYvvD B0hFEp+S9eOpi7ABEP9limbFZo6icnXw2ayIS6Lg0MLgJSJ8KzSpML8LY/JCg5+colEW2mW+rnc vqa3qfnm1kpC00dztrqwchIRnFl5tpbkGFvSTkm1muGzrRX/5ZvvtKxd1SsEMN9mo1iRz8+dNbl NlGMCgnRlfsFc= X-Google-Smtp-Source: ABdhPJxCUoVVpkyPbVxthaqUgAoj0CkCNUWOLcY9yQywb84ZnI3TodrqKe/JHbu0Q1+xzO1iu/umvEYxGqSM1BMJvQ== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a25:24d4:: with SMTP id k203mr25740223ybk.383.1627979001144; Tue, 03 Aug 2021 01:23:21 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:29 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.5.Id0842634d98a21fbdfa5cc72c76a462a98bf6f40@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 05/13] plugins: new plugin From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds an initial code for a new plugin admin. Reviewed-by: Miao-chen Chou --- (no changes since v1) Makefile.plugins | 5 +++++ bootstrap-configure | 1 + configure.ac | 4 ++++ plugins/admin.c | 30 ++++++++++++++++++++++++++++++ 4 files changed, 40 insertions(+) create mode 100644 plugins/admin.c diff --git a/Makefile.plugins b/Makefile.plugins index 4e6a72b0bdf6..69fb01001cc6 100644 --- a/Makefile.plugins +++ b/Makefile.plugins @@ -11,6 +11,11 @@ builtin_sources += plugins/autopair.c builtin_modules += policy builtin_sources += plugins/policy.c +if ADMIN +builtin_modules += admin +builtin_sources += plugins/admin.c +endif + if NFC builtin_modules += neard builtin_sources += plugins/neard.c diff --git a/bootstrap-configure b/bootstrap-configure index 0efd83abc2c4..a34be832068e 100755 --- a/bootstrap-configure +++ b/bootstrap-configure @@ -30,4 +30,5 @@ fi --enable-pie \ --enable-cups \ --enable-library \ + --enable-admin \ --disable-datafiles $* diff --git a/configure.ac b/configure.ac index a5afaea6cfcd..0744860b89fb 100644 --- a/configure.ac +++ b/configure.ac @@ -364,6 +364,10 @@ AC_ARG_ENABLE(logger, AC_HELP_STRING([--enable-logger], [enable HCI logger service]), [enable_logger=${enableval}]) AM_CONDITIONAL(LOGGER, test "${enable_logger}" = "yes") +AC_ARG_ENABLE(admin, AC_HELP_STRING([--enable-admin], + [enable admin policy plugin]), [enable_admin=${enableval}]) +AM_CONDITIONAL(ADMIN, test "${enable_admin}" = "yes") + if (test "${prefix}" = "NONE"); then dnl no prefix and no localstatedir, so default to /var if (test "$localstatedir" = '${prefix}/var'); then diff --git a/plugins/admin.c b/plugins/admin.c new file mode 100644 index 000000000000..42866bcf7be2 --- /dev/null +++ b/plugins/admin.c @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: LGPL-2.1-or-later +/* + * + * BlueZ - Bluetooth protocol stack for Linux + * + * Copyright (C) 2021 Google LLC + * + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "src/log.h" +#include "src/plugin.h" + +static int admin_init(void) +{ + DBG(""); +} + +static void admin_exit(void) +{ + DBG(""); +} + +BLUETOOTH_PLUGIN_DEFINE(admin, VERSION, + BLUETOOTH_PLUGIN_PRIORITY_DEFAULT, + admin_init, admin_exit) From patchwork Tue Aug 3 08:22:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491053 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 220B2C4338F for ; Tue, 3 Aug 2021 08:23:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0C1CA60F93 for ; Tue, 3 Aug 2021 08:23:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234580AbhHCIXg (ORCPT ); Tue, 3 Aug 2021 04:23:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234579AbhHCIXg (ORCPT ); Tue, 3 Aug 2021 04:23:36 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C12A1C061764 for ; Tue, 3 Aug 2021 01:23:25 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id a6-20020a25ae060000b0290551bbd99700so22164341ybj.6 for ; Tue, 03 Aug 2021 01:23:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=ov+ljL+WLImh2UNgqiJukm2dfT5futa1Kc0R7vlTCyc=; b=Un1Nj8F9VASL8QrrWVLDNJB3gcL2U7EVeYH1dGrP1FgBrEFgSHbjg/g6Yx5Htz90pE ipS8Nhe5r2IO7aDr1wXbY7co8KEz8Hf1ChL5Juv+XV0895wiSvG8kVixTTpfTwM/m8a5 SQPscy+UU6jdnpqXNDPcop88dxbWZVkIRrtTd0vsW3JVMSTmume4NUD+c5mQYHP/lnVl MHuK5oeqwvpQqCnHH+54qZO3wc85U3KlpKSVKA0TBUnkR8t1s2zq+KZ5CpXyeszDsSqT GVnQO44Ja7ZDOPX4Ym1TjM05txODQbWH2BEVfEejbAOE+e2POabkWJBXIL5N6g1itri0 WnXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=ov+ljL+WLImh2UNgqiJukm2dfT5futa1Kc0R7vlTCyc=; b=gw5p9fZUlCRu6OzxX7sg9Pl/RUWY/JfPT0wUHMflMbJJA34xNc1J0b5IRYrxsNTK72 43bH9iaVDggSd9breYuiQznpe7zkowU+gMOM//gJLnaFPuNbE6pC+4PJOEimemiZFL5u OTVtTC4km4L2cG5zY493WVAuoqFpreNHz1CRnHaHmUYVbx6koV66U0w/j0DHnuwwISX7 H/ItkT7eBnML91IqsQsePuN54JGycKFnJpHzde+d4/GfALxqCOuX1d4p64Xm3uq6dPzM VEV+ggre3+5MItztgRlRmNjFFtIeXLYVi9scOemfDF81E1HaVA1YxjZELYDZ8hK31hgx NdjA== X-Gm-Message-State: AOAM533cFMGE+fBrqk9GxgcJD0pxkB8BMhDvnmdH3dCwX13wF5ef6K5V aYZ9BuvGmDms7xy7lHsYpkgxSR4bK55eljY1o27YVqrAaXlntZhP9PfSwqR48iJBuyTUmZoFfuA BzCi33yAu/mcOrJfLGKTao6Ox64KbNg1uR8itivA7wVUYenRBq0ZtN6iQ6THB3eSr0K8Ptm8F8o hl6RdoAprY2fw= X-Google-Smtp-Source: ABdhPJx7Lal1FFpsg0dQ5omrLtS+0eUN2qxeF3o/fFSQ0WF7bkyTSsbEKcVUFZu2bCPKcFWzd0cl9573j8pGWeDu9A== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a25:aaf1:: with SMTP id t104mr27000063ybi.516.1627979004960; Tue, 03 Aug 2021 01:23:24 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:30 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.6.I29607be7ac91b0a494ab51713ba14f583eb858ed@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 06/13] plugins/admin: add admin_policy adapter driver From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds code to register admin_policy driver to adapter when admin plugin is enabled. The following test steps were performed: 1. restart bluetoothd 2. check if "Admin Policy is enabled" in system log Reviewed-by: Miao-chen Chou --- (no changes since v1) plugins/admin.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/plugins/admin.c b/plugins/admin.c index 42866bcf7be2..923e08cb836b 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -12,17 +12,84 @@ #include #endif +#include "lib/bluetooth.h" + +#include "src/adapter.h" +#include "src/error.h" #include "src/log.h" #include "src/plugin.h" +#include "src/shared/queue.h" + +/* |policy_data| has the same life cycle as btd_adapter */ +static struct btd_admin_policy { + struct btd_adapter *adapter; + uint16_t adapter_id; +} *policy_data = NULL; + +static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) +{ + struct btd_admin_policy *admin_policy = NULL; + + admin_policy = g_try_malloc(sizeof(*admin_policy)); + if (!admin_policy) { + btd_error(btd_adapter_get_index(adapter), + "Failed to allocate memory for admin_policy"); + return NULL; + } + + admin_policy->adapter = adapter; + admin_policy->adapter_id = btd_adapter_get_index(adapter); + + return admin_policy; +} + +static void admin_policy_free(void *data) +{ + struct btd_admin_policy *admin_policy = data; + + g_free(admin_policy); +} + +static int admin_policy_adapter_probe(struct btd_adapter *adapter) +{ + if (policy_data) { + btd_warn(policy_data->adapter_id, + "Policy data already exists"); + admin_policy_free(policy_data); + policy_data = NULL; + } + + policy_data = admin_policy_new(adapter); + if (!policy_data) + return -ENOMEM; + + btd_info(policy_data->adapter_id, "Admin Policy has been enabled"); + + return 0; +} + +static struct btd_adapter_driver admin_policy_driver = { + .name = "admin_policy", + .probe = admin_policy_adapter_probe, + .resume = NULL, +}; + static int admin_init(void) { DBG(""); + + return btd_register_adapter_driver(&admin_policy_driver); } static void admin_exit(void) { DBG(""); + + btd_unregister_adapter_driver(&admin_policy_driver); + + if (policy_data) + admin_policy_free(policy_data); } BLUETOOTH_PLUGIN_DEFINE(admin, VERSION, From patchwork Tue Aug 3 08:22:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491801 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89DEAC4338F for ; Tue, 3 Aug 2021 08:23:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7387C60F8F for ; Tue, 3 Aug 2021 08:23:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234613AbhHCIXm (ORCPT ); Tue, 3 Aug 2021 04:23:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51984 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234622AbhHCIXk (ORCPT ); Tue, 3 Aug 2021 04:23:40 -0400 Received: from mail-qv1-xf4a.google.com (mail-qv1-xf4a.google.com [IPv6:2607:f8b0:4864:20::f4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 141FAC06175F for ; Tue, 3 Aug 2021 01:23:29 -0700 (PDT) Received: by mail-qv1-xf4a.google.com with SMTP id cb3-20020ad456230000b02903319321d1e3so16830888qvb.14 for ; Tue, 03 Aug 2021 01:23:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=+YRk0e87Fy4+hULeH4RsY+6kkkKU8k2ny1F7i1QOpA0=; b=fg6BrFZgJqVidSZrBO+slDeUmCy3HECR+OOVBfjKjXOWT4+Hb0C1Pbp6fYfrjHsrY6 4WMQzAqfUfiwJCKtpA7Szcv8puZ176b71H3CZziFTsZlxtXpC540vk8GCu/XSWAC0r9E 6IFGNJ4JShGt8/eDQ5+Dmgj9nFo7OQVH0EkjVrvYKjjGDxyAUhV6a5SbEMLk2N/v5Mgz GuM97pGUtoZQc8hEEDW3cGYCRs3qtPiwqC9qjFTFw9jZ/bl3T6uFGr34ONDVh2QGUDHs JhFiXiBJFCXx7Eu86ud6HNIQaRVXATyw2rjiRh0XIEjXfSqsEUOT6wtlEK8KBkvdRpme fT5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=+YRk0e87Fy4+hULeH4RsY+6kkkKU8k2ny1F7i1QOpA0=; b=jOvW0djBRsK0xB/vlNYTu3tNB2whDr32blcK3wMQCP4CI6GIPXHtVfsRsydX31JIvs sfKunBsFCch4fNoerHxrhKK13XQ7zGw1Wj32A/NXezn5pe2XXcX11oYd8Uu60sC9FkJ/ WjEhd0ooy0KRE94n8RZxC+rslM917JhdctwJ2LtmlTwMft+/6KCQb33OET1o5vHdVpNB epDWqOWrUKHHqbMbOIx1PDEJvI//O7jDOyMEDv2dH9enK99D3Nkj+Y/5MmV3J7haafvN 8Bl0lOtVqFyAq51LqfFcNunOZLyafg5CliSqwZUAsTmy/uo4YqENDyCCwi3T1mhxt4Ms ibvQ== X-Gm-Message-State: AOAM530NUfKcT5qvdJCnq37cGd/HQ76zCkHXVF4RFA+inLSVMK0Vf6L5 JJXUmC8kcCU9CdTlmPPOzOSnfWGaRrhWU1cpudsdftHzZ41CXeRWnluPrPST1Wv535BsRPWk0tf 5wOn/2CJK2p7gLwEsPERIPiPQd7EwVW9QrbYZx+e4OaexXE4IjgWGKrNtgbuq1dk9sl+HjM6CYW rY6bqlnshPrY4= X-Google-Smtp-Source: ABdhPJzkfEcEQLf4QLR9jL2jUyDZoagCI6gxb1ztRXnIq47wMiGZ2ups39/nLD0VbosMymRl7NvVw0B8apRtWJHw5g== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:ad4:4521:: with SMTP id l1mr20584127qvu.29.1627979008165; Tue, 03 Aug 2021 01:23:28 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:31 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.7.Ifbb69dd6e371da3a914049a94615064479b9024b@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 07/13] plugins/admin: add ServiceAllowList method From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds code to register interface org.bluez.AdminPolicySet1. The interface will provide methods to limit users to operate certain functions of bluez, such as allow/disallow user to taggle adapter power, or only allow users to connect services in the specified list, etc. This patch also implements ServiceAllowlist in org.bluez.AdminPolicySet1. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowList to ["1108","110A","110B","110C","110D","110E", "110F","1112","111E","111F","1203"] ( users are only allowed to connect headset ) 2. Turn on paired WF1000XM3, and listen music on Youtube. 3. Turn on paired K830 (LE device), press any key on keyboard. 4. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard. 5. Set ServiceAllowList to ["1124","180A","180F","1812"] ( users are only allowed to connect HID devices ) 6. Turn on paired WF1000XM3, and listen music on Youtube. 7. Turn on paired K830 (LE device), press any key on keyboard. 8. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard. 9. Set ServiceAllowList to [] ( users are only allowed to connect any device. ) 10. Turn on paired WF1000XM3, and listen music on Youtube. 11. Turn on paired K830 (LE device), press any key on keyboard. 12. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard. Expected results: Step 2,7,8,9,10,11 should success, and step 3,4,6 should fail. (no changes since v1) plugins/admin.c | 127 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 126 insertions(+), 1 deletion(-) diff --git a/plugins/admin.c b/plugins/admin.c index 923e08cb836b..1fe2904d93d9 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -12,19 +12,29 @@ #include #endif +#include +#include + #include "lib/bluetooth.h" +#include "lib/uuid.h" #include "src/adapter.h" +#include "src/dbus-common.h" #include "src/error.h" #include "src/log.h" #include "src/plugin.h" #include "src/shared/queue.h" +#define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" + +static DBusConnection *dbus_conn; + /* |policy_data| has the same life cycle as btd_adapter */ static struct btd_admin_policy { struct btd_adapter *adapter; uint16_t adapter_id; + struct queue *service_allowlist; } *policy_data = NULL; static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) @@ -40,19 +50,120 @@ static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) admin_policy->adapter = adapter; admin_policy->adapter_id = btd_adapter_get_index(adapter); + admin_policy->service_allowlist = NULL; return admin_policy; } +static void free_service_allowlist(struct queue *q) +{ + queue_destroy(q, g_free); +} + static void admin_policy_free(void *data) { struct btd_admin_policy *admin_policy = data; + free_service_allowlist(admin_policy->service_allowlist); g_free(admin_policy); } +static struct queue *parse_allow_service_list(struct btd_adapter *adapter, + DBusMessage *msg) +{ + DBusMessageIter iter, arr_iter; + struct queue *uuid_list = NULL; + + dbus_message_iter_init(msg, &iter); + if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) + return NULL; + + uuid_list = queue_new(); + dbus_message_iter_recurse(&iter, &arr_iter); + do { + const int type = dbus_message_iter_get_arg_type(&arr_iter); + char *uuid_param; + bt_uuid_t *uuid; + + if (type == DBUS_TYPE_INVALID) + break; + + if (type != DBUS_TYPE_STRING) + goto failed; + + dbus_message_iter_get_basic(&arr_iter, &uuid_param); + + uuid = g_try_malloc(sizeof(*uuid)); + if (!uuid) + goto failed; + + if (bt_string_to_uuid(uuid, uuid_param)) { + g_free(uuid); + goto failed; + } + + queue_push_head(uuid_list, uuid); + + dbus_message_iter_next(&arr_iter); + } while (true); + + return uuid_list; + +failed: + queue_destroy(uuid_list, g_free); + return NULL; +} + +static bool service_allowlist_set(struct btd_admin_policy *admin_policy, + struct queue *uuid_list) +{ + struct btd_adapter *adapter = admin_policy->adapter; + + if (!btd_adapter_set_allowed_uuids(adapter, uuid_list)) + return false; + + free_service_allowlist(admin_policy->service_allowlist); + admin_policy->service_allowlist = uuid_list; + + return true; +} + +static DBusMessage *set_service_allowlist(DBusConnection *conn, + DBusMessage *msg, void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + struct btd_adapter *adapter = admin_policy->adapter; + struct queue *uuid_list = NULL; + const char *sender = dbus_message_get_sender(msg); + + DBG("sender %s", sender); + + /* Parse parameters */ + uuid_list = parse_allow_service_list(adapter, msg); + if (!uuid_list) { + btd_error(admin_policy->adapter_id, + "Failed on parsing allowed service list"); + return btd_error_invalid_args(msg); + } + + if (!service_allowlist_set(admin_policy, uuid_list)) { + free_service_allowlist(uuid_list); + return btd_error_failed(msg, "service_allowlist_set failed"); + } + + return dbus_message_new_method_return(msg); +} + +static const GDBusMethodTable admin_policy_adapter_methods[] = { + { GDBUS_METHOD("SetServiceAllowList", GDBUS_ARGS({ "UUIDs", "as" }), + NULL, set_service_allowlist) }, + { } +}; + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { + const char *adapter_path; + if (policy_data) { btd_warn(policy_data->adapter_id, "Policy data already exists"); @@ -64,8 +175,20 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) if (!policy_data) return -ENOMEM; - btd_info(policy_data->adapter_id, "Admin Policy has been enabled"); + adapter_path = adapter_get_path(adapter); + if (!g_dbus_register_interface(dbus_conn, adapter_path, + ADMIN_POLICY_SET_INTERFACE, + admin_policy_adapter_methods, NULL, + NULL, policy_data, admin_policy_free)) { + btd_error(policy_data->adapter_id, + "Admin Policy Set interface init failed on path %s", + adapter_path); + return -EINVAL; + } + + btd_info(policy_data->adapter_id, + "Admin Policy Set interface registered"); return 0; } @@ -79,6 +202,8 @@ static int admin_init(void) { DBG(""); + dbus_conn = btd_get_dbus_connection(); + return btd_register_adapter_driver(&admin_policy_driver); } From patchwork Tue Aug 3 08:22:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491052 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65DDDC4338F for ; Tue, 3 Aug 2021 08:23:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4941F60F48 for ; Tue, 3 Aug 2021 08:23:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234636AbhHCIXr (ORCPT ); Tue, 3 Aug 2021 04:23:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52014 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234627AbhHCIXn (ORCPT ); Tue, 3 Aug 2021 04:23:43 -0400 Received: from mail-qt1-x84a.google.com (mail-qt1-x84a.google.com [IPv6:2607:f8b0:4864:20::84a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BADD2C0613D5 for ; Tue, 3 Aug 2021 01:23:32 -0700 (PDT) Received: by mail-qt1-x84a.google.com with SMTP id m2-20020ac807c20000b0290269bd8044e1so12524928qth.10 for ; Tue, 03 Aug 2021 01:23:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=AODxBjZj+nI2kbzDyMsrX+mfmhxGjROcT4no+1E+pG8=; b=L8TooUadBrv/7SHYQjxaR8IHQJ9/DF+vHPCgawyyb86/ejHZzkYT/z56ilkT0MfNm0 KBtyS62lQ5ivnTolLvVBpiHG1Qa94yub7/aU0NpjlGbSuNdwxi4HsXvi/lC38YSaUhaT 3NB05Uq1xW2jo3IfuMYA+fBSCVfqUzltjcel0Mwak7NlWhLOWKUEIQZumZD3OHlINJ5c FMo67FUqimPHpAC1woV3nSw3/0o2Lsab69pg35mgJGFZhNEksQZvXf/880VQRdXJR6Q0 dXKBklhzvWDvk9i/eML3g7/HwLOI1qZk/08Xs8YY7iI53ueTfpiSX0bvwI2mWNiGgQjF LuwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=AODxBjZj+nI2kbzDyMsrX+mfmhxGjROcT4no+1E+pG8=; b=bGrs4iGppY79Mr1i80S8nhEvomia3IpVqRVbvUBKrNFS6rkLbNMfWwNVU/JCulux4k MSiZ+gevb6SGQzlky54nHB8FrK2w52c/k3RD4RprbYQT82v5OT0BhiD+Teaedj9wAdum gAhoe/6I6yWxNWz4h6nBXtbcptvYFG8dXDi4LiYLdhbb65Lup+uBj5mPACnENoBPpkVp 4a5ycL7kmASSQ6Xfi4dDRB7oAIWYBNDegOtBmX+9YUxHsLeQsPsQsJK5GedfBY5OR3rb fQ7gYCWWmUnXHxezC++lj9ObF3EpuaXTK3xp0DM2Ax9BU+0YlCide7L2ctSFSCw09qDJ emmg== X-Gm-Message-State: AOAM533d19k+fPewuBAkokPbzc5Fn/lWsCSFvfixSMZBfn2IvbNS26DD UdsfZoE3TZ230vbHdvQUEI3h1qpRRbU73EC3L2uxdhinZwCwFmP8vDtbPlRDXbJMuh72faGhRLj rfFo9DZVFFh6gl4nHzOT9dFZ6a3iEkFQgxBCjbAAAc/w+0sXhL9u1M35x/yZ8zn+203F7kW1Vct Nzc9tmV6iBkiU= X-Google-Smtp-Source: ABdhPJy3pISrAr5cr+trtFIeRp6Gsg9PeU7xOwD9vNoLvf6eFKK3LzKBBwqAwgiIlRb2hnYSyND0m3CF3J/yPPKksA== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a05:6214:1c47:: with SMTP id if7mr20231558qvb.6.1627979011923; Tue, 03 Aug 2021 01:23:31 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:32 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.8.I00fd6c348e4c93501de6de0eae0d23436fd3895b@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 08/13] plugins/admin: add ServiceAllowList property From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds code to register interface org.bluez.AdminPolicyStatus. The interface will provide read-only properties to indicate the current settings of admin policies. We separate this from AdminPolicySet so that normal clients can check current policy settings while only a few clients can change policies. This patch also adds readonly property ServiceAllowlist to AdminPolicyStatus1, which indicates the current setting of service allowlist. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowList to ["1124","180A","180F","1812"] 2. Verify ServiceAllowList is ["1124","180A","180F","1812"] in UUID-128 form 3. Set ServiceAllowList to [] 4. Verify ServiceAllowList is [] (no changes since v1) plugins/admin.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/plugins/admin.c b/plugins/admin.c index 1fe2904d93d9..d89a77c8a123 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -27,6 +27,7 @@ #include "src/shared/queue.h" #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" +#define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" static DBusConnection *dbus_conn; @@ -151,6 +152,11 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, return btd_error_failed(msg, "service_allowlist_set failed"); } + g_dbus_emit_property_changed(dbus_conn, + adapter_get_path(policy_data->adapter), + ADMIN_POLICY_STATUS_INTERFACE, + "ServiceAllowList"); + return dbus_message_new_method_return(msg); } @@ -160,6 +166,43 @@ static const GDBusMethodTable admin_policy_adapter_methods[] = { { } }; +void append_service_uuid(void *data, void *user_data) +{ + bt_uuid_t *uuid = data; + DBusMessageIter *entry = user_data; + char uuid_str[MAX_LEN_UUID_STR]; + const char *uuid_str_ptr = uuid_str; + + if (!uuid) { + error("Unexpected NULL uuid data in service_allowlist"); + return; + } + + bt_uuid_to_string(uuid, uuid_str, MAX_LEN_UUID_STR); + dbus_message_iter_append_basic(entry, DBUS_TYPE_STRING, &uuid_str_ptr); +} + +static gboolean property_get_service_allowlist( + const GDBusPropertyTable *property, + DBusMessageIter *iter, void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + DBusMessageIter entry; + + dbus_message_iter_open_container(iter, DBUS_TYPE_ARRAY, + DBUS_TYPE_STRING_AS_STRING, &entry); + queue_foreach(admin_policy->service_allowlist, append_service_uuid, + &entry); + dbus_message_iter_close_container(iter, &entry); + + return TRUE; +} + +static const GDBusPropertyTable admin_policy_adapter_properties[] = { + { "ServiceAllowList", "as", property_get_service_allowlist }, + { } +}; + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { const char *adapter_path; @@ -189,6 +232,21 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) btd_info(policy_data->adapter_id, "Admin Policy Set interface registered"); + + if (!g_dbus_register_interface(dbus_conn, adapter_path, + ADMIN_POLICY_STATUS_INTERFACE, + NULL, NULL, + admin_policy_adapter_properties, + policy_data, admin_policy_free)) { + btd_error(policy_data->adapter_id, + "Admin Policy Status interface init failed on path %s", + adapter_path); + return -EINVAL; + } + + btd_info(policy_data->adapter_id, + "Admin Policy Status interface registered"); + return 0; } From patchwork Tue Aug 3 08:22:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491800 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.5 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, UNWANTED_LANGUAGE_BODY, USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5661CC432BE for ; Tue, 3 Aug 2021 08:23:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3EFDE60F70 for ; Tue, 3 Aug 2021 08:23:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234623AbhHCIXt (ORCPT ); Tue, 3 Aug 2021 04:23:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52030 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234635AbhHCIXr (ORCPT ); Tue, 3 Aug 2021 04:23:47 -0400 Received: from mail-qt1-x84a.google.com (mail-qt1-x84a.google.com [IPv6:2607:f8b0:4864:20::84a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4A60BC06175F for ; Tue, 3 Aug 2021 01:23:36 -0700 (PDT) Received: by mail-qt1-x84a.google.com with SMTP id l24-20020ac872580000b029024e988e8277so12532643qtp.23 for ; Tue, 03 Aug 2021 01:23:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=giwisLB89Dy29AKqDJg4LUiZ2o+hUXlzvDFwVjwDJE4=; b=RsjZmoWfOsz4EHStmgguLBqTiBGb8Aj8RHlSDvqmZagsfTB6grSLmEqfdOATBL/Tk+ Ww/UvqoRv/F9hg8fPU165VZyhV9V4iH9/4oFM4UoGggNqx3DdUkdeSs/gWVvwAqJ/X4n mRi2q023tRl5WA8lr5IHYVF+Yf+FRQysC3I4O6z2Jrzme7r1b7/htEke2G8/IseKXu8e xkM+uKJSrnLak91SJz/2xgaPb+w7luU7SuoMVH2jri0VkzD5W09ywcorBKRaMw+cue0h 7C5T9BaVtHXZ7OgblioePaJoEYTkL5a0CpG2Mtx2Ds7hFynoOEDdb/bU0jyJ+nf93/NO /CpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=giwisLB89Dy29AKqDJg4LUiZ2o+hUXlzvDFwVjwDJE4=; b=EVY9doogQnElz2FEEM4idKikDOEURMkEIsSnW3XSr0ewh4SAJfsNu6RC3GsMykiKB1 02lOWEKizJx9Tya6BkoDGfx2RMKejEcXgGbQbFxxoTcTwik4CcSe1WFvrIBqtLI2kKij rLPF70c2NzCVU0h5jAyihjDZ7pPXVIe9xxhfIHwJNtHdbgJEO6XjWWB2//TCAZzzXUo2 W93pwYdojnxKyqiRDwUCgOxtmukC4aMU1xhj24K6BIGnP/S2O/V8nvshnaOPv9iwfhU9 L+KXQQpcokg5UgUOG5Q171TyQXhkyB4t4sGVanPw741Uw9TAAY/yB2bw6URZU3bjGFFA q9Rw== X-Gm-Message-State: AOAM5326r4PWz+TxQjXFNn8xqIwX2ksBIftCIkxGWMuCaYV6zihXYB+9 wjjUY3DpzLYnRhAGyOS6OLn4kuyqqWHNnCFJovT4BFCkW6cQjOPS+G03jihh4GvdjKyoJ84bY0U SfSf3ZuY0ZPKSMzBiFBEQezLzY1yck/SrNOzMOMZ6L4/yx1r776804vZAKPoqzwx5VIelKH5gl7 Vha9yISJZLM6o= X-Google-Smtp-Source: ABdhPJyyn/P+Aar5Q7sHmpH1bSR4pVEI1sgxRCClSFYd4Keb177nbuXt2axyinGRqpuQhtcw6P3LlTnF5OxPiTDyig== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a05:6214:d4b:: with SMTP id 11mr3904691qvr.44.1627979015364; Tue, 03 Aug 2021 01:23:35 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:33 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.9.I517e5199ac8019b770c7ee8c92a294ec1c752748@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 09/13] plugins/admin: add device callbacks From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds callbacks for device resolved and device removed. It is necessary for implementation of "AffectedByPolicy" property since it needs to register an interface for each device object and unregister it once the device gets removed. --- The following test steps were performed: 1. start discovery using UI 2. verify device_data were added by checking system log 3. stop discovery 4. verify device_data were removed after a few seconds by checking system log Changes in v8: - add device_data when we get called device_resolved instead of device_added. Otherwise it is possible that a device service has not yet been resolved so device_data->|affected| might not be correct. Reviewed-by: Miao-chen Chou plugins/admin.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/plugins/admin.c b/plugins/admin.c index d89a77c8a123..0a0d8a39ed37 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -20,6 +20,7 @@ #include "src/adapter.h" #include "src/dbus-common.h" +#include "src/device.h" #include "src/error.h" #include "src/log.h" #include "src/plugin.h" @@ -29,7 +30,11 @@ #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" #define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" +#define DBUS_BLUEZ_SERVICE "org.bluez" +#define BTD_DEVICE_INTERFACE "org.bluez.Device1" + static DBusConnection *dbus_conn; +static struct queue *devices; /* List of struct device_data objects */ /* |policy_data| has the same life cycle as btd_adapter */ static struct btd_admin_policy { @@ -38,6 +43,11 @@ static struct btd_admin_policy { struct queue *service_allowlist; } *policy_data = NULL; +struct device_data { + struct btd_device *device; + char *path; +}; + static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) { struct btd_admin_policy *admin_policy = NULL; @@ -203,6 +213,37 @@ static const GDBusPropertyTable admin_policy_adapter_properties[] = { { } }; +static bool device_data_match(const void *a, const void *b) +{ + const struct device_data *data = a; + const struct btd_device *dev = b; + + if (!data) { + error("Unexpected NULL device_data"); + return false; + } + + return data->device == dev; +} + +static void free_device_data(void *data) +{ + struct device_data *device_data = data; + + g_free(device_data->path); + g_free(device_data); +} + +static void remove_device_data(void *data) +{ + struct device_data *device_data = data; + + DBG("device_data for %s removing", device_data->path); + + queue_remove(devices, device_data); + free_device_data(device_data); +} + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { const char *adapter_path; @@ -250,10 +291,45 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) return 0; } +static void admin_policy_device_added(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct device_data *data; + + if (queue_find(devices, device_data_match, device)) + return; + + data = g_new0(struct device_data, 1); + if (!data) { + btd_error(btd_adapter_get_index(adapter), + "Failed to allocate memory for device_data"); + return; + } + + data->device = device; + data->path = g_strdup(device_get_path(device)); + queue_push_tail(devices, data); + + DBG("device_data for %s added", data->path); +} + +static void admin_policy_device_removed(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct device_data *data; + + data = queue_find(devices, device_data_match, device); + + if (data) + remove_device_data(data); +} + static struct btd_adapter_driver admin_policy_driver = { .name = "admin_policy", .probe = admin_policy_adapter_probe, .resume = NULL, + .device_resolved = admin_policy_device_added, + .device_removed = admin_policy_device_removed }; static int admin_init(void) @@ -261,6 +337,7 @@ static int admin_init(void) DBG(""); dbus_conn = btd_get_dbus_connection(); + devices = queue_new(); return btd_register_adapter_driver(&admin_policy_driver); } @@ -270,6 +347,7 @@ static void admin_exit(void) DBG(""); btd_unregister_adapter_driver(&admin_policy_driver); + queue_destroy(devices, free_device_data); if (policy_data) admin_policy_free(policy_data); From patchwork Tue Aug 3 08:22:34 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491051 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.5 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, UNWANTED_LANGUAGE_BODY, USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA627C4338F for ; Tue, 3 Aug 2021 08:23:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 90BFC60F48 for ; Tue, 3 Aug 2021 08:23:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234615AbhHCIXv (ORCPT ); Tue, 3 Aug 2021 04:23:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52050 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234617AbhHCIXv (ORCPT ); Tue, 3 Aug 2021 04:23:51 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5ACACC06175F for ; Tue, 3 Aug 2021 01:23:40 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id f3-20020a25cf030000b029055a2303fc2dso22091502ybg.11 for ; Tue, 03 Aug 2021 01:23:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=NHnWpmnchr1M3qNJZS28mvOxF/U82MrGnXWxqqn/Vsc=; b=W4Xn8GMWR890bv6a1/mtOMH5Zo029YcspvHgioB23vvdXwsdzRKg1H9bCAuhRVN3dp AbfdIPS2CoPNODABPmzHDoi7b/Rde+p167sINssGBpXRguDszj4CNAmo7PTQqvftfG8/ 3/SUCkomW8/J9MIVi8NomMjdFD2k7XSfMWi/Q+6JPwJ+5Lw7ruFIzJ06BJESjTLAwXvo VxHco1OAEzwbMEhCUi54oKJ8K55VFe70gnjmw1LPG/jyE2CElKcfmCFB3F5ZBRE1lEe3 nUeZ/WS09qaZQDlcqqk9ucq9Dc3caT+yhyF3WQdmo/B3waNQK7kf+iW/7CNIyOpHYkbg atiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=NHnWpmnchr1M3qNJZS28mvOxF/U82MrGnXWxqqn/Vsc=; b=M6bhj33aK/LKDkaSYAov0qQsuRhWU3DyAVAQeSZkUUYP8LdeYiCHGD6lva3EC7+juK jYSNSYM7K5XsaTurTovjdPgrb/9CqZ7otgl3UvmSFj+mfuvBtb7O5qSPadayTAQjxdVi iRJy8EhDheXFVFE/zvIr/Fj1xjg6cro8yVIGnoVUrIDYzj0464Y4quQ9eNsAJppcctYc IZuDvim8Vd+aw1LUSR78Cw+7HBg396FDT9c634ppCXEiiqo1gnfw/aT4AYy0Ua8byYAA YRXSG2xgKMWoVFIwpzV+W9WQW94vzl68Ory5h609PaIAhZPHJmkoqHBJ7YAGioyL1K3i 3PWw== X-Gm-Message-State: AOAM530ueXTAtpO+9mKRImkGXd4tHzCfnQoyGWNF1yHqheszy8x6TpWh xR9PIu9KrYt5Wx4ONYXWfnxYKVz5p6mkjoqe9trrkJo2oDbQZA2bA7KGox6shKWz7pwaIUzNptJ +jc70fI9JgbZxJhrt0ys+fu2BDoYjlvibw/o1RG3RcRRLoQh06tjQytQsoAGACbPqOKj7bkHGUd KXlU4b5e/BkWg= X-Google-Smtp-Source: ABdhPJyy+PZKzeJRErKCUfkPl8+fyIKqyYty3VAteD9CuMkDlanjibxig9zQx+e88BxNxmfZmAjorbUvJAD17iNbwA== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a25:2985:: with SMTP id p127mr26828528ybp.386.1627979019514; Tue, 03 Aug 2021 01:23:39 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:34 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.10.I570c860f59c8ed66ddb31aa54584ee08080aa10c@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 10/13] plugins/admin: add AffectedByPolicy property From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds property to indicate if a device has any service that is being blocked by admin policy. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowList to [] 2. Verify AffectedByPolicy of K830 is False 3. Set ServiceAllowList to ["1800"] 4. Verify AffectedByPolicy of K830 is False 5. Set ServiceAllowList to ["1800","1801","180A","180F","1812"] 6. Verify AffectedByPolicy of K830 is True (no changes since v1) plugins/admin.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 71 insertions(+), 2 deletions(-) diff --git a/plugins/admin.c b/plugins/admin.c index 0a0d8a39ed37..7936f8c11475 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -46,6 +46,7 @@ static struct btd_admin_policy { struct device_data { struct btd_device *device; char *path; + bool affected; }; static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) @@ -139,6 +140,27 @@ static bool service_allowlist_set(struct btd_admin_policy *admin_policy, return true; } +static void update_device_affected(void *data, void *user_data) +{ + struct device_data *dev_data = data; + bool affected; + + if (!dev_data) { + error("Unexpected NULL device_data when updating device"); + return; + } + + affected = !btd_device_all_services_allowed(dev_data->device); + + if (affected == dev_data->affected) + return; + + dev_data->affected = affected; + + g_dbus_emit_property_changed(dbus_conn, dev_data->path, + ADMIN_POLICY_STATUS_INTERFACE, "AffectedByPolicy"); +} + static DBusMessage *set_service_allowlist(DBusConnection *conn, DBusMessage *msg, void *user_data) { @@ -167,6 +189,8 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, ADMIN_POLICY_STATUS_INTERFACE, "ServiceAllowList"); + queue_foreach(devices, update_device_affected, NULL); + return dbus_message_new_method_return(msg); } @@ -226,6 +250,28 @@ static bool device_data_match(const void *a, const void *b) return data->device == dev; } +static gboolean property_get_affected_by_policy( + const GDBusPropertyTable *property, + DBusMessageIter *iter, void *user_data) +{ + struct device_data *data = user_data; + + if (!data) { + error("Unexpected error: device_data is NULL"); + return FALSE; + } + + dbus_message_iter_append_basic(iter, DBUS_TYPE_BOOLEAN, + &data->affected); + + return TRUE; +} + +static const GDBusPropertyTable admin_policy_device_properties[] = { + { "AffectedByPolicy", "b", property_get_affected_by_policy }, + { } +}; + static void free_device_data(void *data) { struct device_data *device_data = data; @@ -308,11 +354,33 @@ static void admin_policy_device_added(struct btd_adapter *adapter, data->device = device; data->path = g_strdup(device_get_path(device)); + data->affected = !btd_device_all_services_allowed(data->device); + + if (!g_dbus_register_interface(dbus_conn, data->path, + ADMIN_POLICY_STATUS_INTERFACE, + NULL, NULL, + admin_policy_device_properties, + data, remove_device_data)) { + btd_error(btd_adapter_get_index(adapter), + "Admin Policy Status interface init failed on path %s", + device_get_path(device)); + free_device_data(data); + return; + } + queue_push_tail(devices, data); DBG("device_data for %s added", data->path); } +static void unregister_device_data(void *data, void *user_data) +{ + struct device_data *dev_data = data; + + g_dbus_unregister_interface(dbus_conn, dev_data->path, + ADMIN_POLICY_STATUS_INTERFACE); +} + static void admin_policy_device_removed(struct btd_adapter *adapter, struct btd_device *device) { @@ -321,7 +389,7 @@ static void admin_policy_device_removed(struct btd_adapter *adapter, data = queue_find(devices, device_data_match, device); if (data) - remove_device_data(data); + unregister_device_data(data, NULL); } static struct btd_adapter_driver admin_policy_driver = { @@ -347,7 +415,8 @@ static void admin_exit(void) DBG(""); btd_unregister_adapter_driver(&admin_policy_driver); - queue_destroy(devices, free_device_data); + queue_foreach(devices, unregister_device_data, NULL); + queue_destroy(devices, g_free); if (policy_data) admin_policy_free(policy_data); From patchwork Tue Aug 3 08:22:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491799 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.5 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, UNWANTED_LANGUAGE_BODY, USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD3F7C4338F for ; Tue, 3 Aug 2021 08:23:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9205A60EFF for ; Tue, 3 Aug 2021 08:23:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234627AbhHCIX4 (ORCPT ); Tue, 3 Aug 2021 04:23:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52080 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234617AbhHCIXz (ORCPT ); Tue, 3 Aug 2021 04:23:55 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 41BE2C06175F for ; Tue, 3 Aug 2021 01:23:44 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id w200-20020a25c7d10000b02905585436b530so22067003ybe.21 for ; Tue, 03 Aug 2021 01:23:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=SVjSi8TFE4kqjWJxa47zcGVLjNTWKkBBm1I1HBi8OUM=; b=sHnvJ/6EHWJzwo5618wB2bFVbdgV6DegFWAOORBSkepDWLg/MTE+s3NHFWuaCBuEmw eT8HST3GlPjAVLGn8lw1Cef0TT7Lr0oFPfFFD8SNcUYLX9NG1Z3JVsjnSIXweyM32K8C eFzvvKYKzkC/VXfYCxG6cHwxDuf/e/XT/mFLp2KLRzM146mI++Rw5b0fwyarv5gcl2RX It8FS0OAq1trtk3bQUP2KrkDsDq1Meyyq8r6agR5A4j9G7+FaoSFTWjem88biIs7bh/f jyHZfCFsAUgMM/yEdqiyC76YjowoFdeK0wPfYWLEmPOfKNnYvDDapBUffh64YEAuKYAu 6Dcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=SVjSi8TFE4kqjWJxa47zcGVLjNTWKkBBm1I1HBi8OUM=; b=eteBlwUHUZ3ErfprUsJB4azLT1+bSQTJMDkTcKIL8C3wX2nD0Miey99D8IvJw0awY5 1YkgIyBw4AU8Cu2PvxZVsLVRjehEe5kuqJLqRkuElYQKsx6MvziAuJ1UgYC3Hw3P3U6/ K3kbugssIvHg/W/9QRET8YVLjsIli1QAeLPRm90PEfBxPSK+WUEqUesabRd4h4VdHu+C I8JDW71cO9r6pLes0OwMv91Bxo2+yIGqpNiGhea7SBs8wWoYxm0+WVdnwBxQEXn9Kwl0 R9TngrzMTrf9xsvo69s8JV6/ftbqgRDnysl+7ix7TFmi8dV74Zr9I49fcszFlgXbVLI1 HLhw== X-Gm-Message-State: AOAM532ip0B7Y8UrU4nSD0I1XQpA8CD/7Nx37LPC4yULlKuJCn+3KJ7W 1yXjY/ZqqiZ4hsbVUi8Yst2E8kC2jCyK68PaM49xmifYRa298TGo0VHbnc24xgwSZjzCQU8nIuY jpq3HL0zsN4IzwZizlnpxLmKAQKRNEvWsim+uvCpf4hYy93GKzS6X36ImEeIIk/+oz8ulILvuC3 aJ3s/+f299pWI= X-Google-Smtp-Source: ABdhPJw13hdiRdw8gZAot6yB66Erb4Gq+mTUbgeyTzAyH6EwLSeDBUtjm9ApJW0QDiAecJ/I7AK9sMgN5SMsx6+2iw== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a25:abb3:: with SMTP id v48mr23615583ybi.482.1627979023421; Tue, 03 Aug 2021 01:23:43 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:35 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.11.Ib26c0abdbd417673a8b5788c175c06110726a68c@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 11/13] plugins/admin: persist policy settings From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds code to store the ServiceAllowlist to file /var/lib/bluetooth/{MAC_ADDR}/admin_policy The stored settings will be loaded upon admin_policy initialized. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowlist to ["1124","180A","180F","1812", "1801"] 2. restart bluetoothd 3. Verify ServiceAllowlist is ["1124","180A","180F","1812","1801"] in UUID-128 form 4. Set ServiceAllowlist to [] 5. restart bluetoothd 6. Verify ServiceAllowlist is [] Changes in v8: - Move store_policy_settings earlier to avoid forward declaration. plugins/admin.c | 167 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 165 insertions(+), 2 deletions(-) diff --git a/plugins/admin.c b/plugins/admin.c index 7936f8c11475..428a5528cc88 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -14,6 +14,9 @@ #include #include +#include +#include +#include #include "lib/bluetooth.h" #include "lib/uuid.h" @@ -24,11 +27,13 @@ #include "src/error.h" #include "src/log.h" #include "src/plugin.h" +#include "src/textfile.h" #include "src/shared/queue.h" #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" #define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" +#define ADMIN_POLICY_STORAGE STORAGEDIR "/admin_policy_settings" #define DBUS_BLUEZ_SERVICE "org.bluez" #define BTD_DEVICE_INTERFACE "org.bluez.Device1" @@ -161,6 +166,161 @@ static void update_device_affected(void *data, void *user_data) ADMIN_POLICY_STATUS_INTERFACE, "AffectedByPolicy"); } +static void free_uuid_strings(char **uuid_strs, gsize num) +{ + gsize i; + + for (i = 0; i < num; i++) + g_free(uuid_strs[i]); + g_free(uuid_strs); +} + +static char **new_uuid_strings(struct queue *allowlist, gsize *num) +{ + const struct queue_entry *entry = NULL; + bt_uuid_t *uuid = NULL; + char **uuid_strs = NULL; + gsize i = 0, allowlist_num; + + /* Set num to a non-zero number so that whoever call this could know if + * this function success or not + */ + *num = 1; + + allowlist_num = queue_length(allowlist); + uuid_strs = g_try_malloc_n(allowlist_num, sizeof(char *)); + if (!uuid_strs) + return NULL; + + for (entry = queue_get_entries(allowlist); entry != NULL; + entry = entry->next) { + uuid = entry->data; + uuid_strs[i] = g_try_malloc0(MAX_LEN_UUID_STR * sizeof(char)); + + if (!uuid_strs[i]) + goto failed; + + bt_uuid_to_string(uuid, uuid_strs[i], MAX_LEN_UUID_STR); + i++; + } + + *num = allowlist_num; + return uuid_strs; + +failed: + free_uuid_strings(uuid_strs, i); + + return NULL; +} + +static void store_policy_settings(struct btd_admin_policy *admin_policy) +{ + GKeyFile *key_file = NULL; + char *filename = ADMIN_POLICY_STORAGE; + char *key_file_data = NULL; + char **uuid_strs = NULL; + gsize length, num_uuids; + + key_file = g_key_file_new(); + + uuid_strs = new_uuid_strings(admin_policy->service_allowlist, + &num_uuids); + + if (!uuid_strs && num_uuids) { + btd_error(admin_policy->adapter_id, + "Failed to allocate uuid strings"); + goto failed; + } + + g_key_file_set_string_list(key_file, "General", "ServiceAllowlist", + (const gchar * const *)uuid_strs, + num_uuids); + + if (create_file(ADMIN_POLICY_STORAGE, 0600) < 0) { + btd_error(admin_policy->adapter_id, "create %s failed, %s", + filename, strerror(errno)); + goto failed; + } + + key_file_data = g_key_file_to_data(key_file, &length, NULL); + g_file_set_contents(ADMIN_POLICY_STORAGE, key_file_data, length, NULL); + + g_free(key_file_data); + free_uuid_strings(uuid_strs, num_uuids); + +failed: + g_key_file_free(key_file); +} + +static void key_file_load_service_allowlist(GKeyFile *key_file, + struct btd_admin_policy *admin_policy) +{ + GError *gerr = NULL; + struct queue *uuid_list = NULL; + gchar **uuids = NULL; + gsize num, i; + + uuids = g_key_file_get_string_list(key_file, "General", + "ServiceAllowlist", &num, &gerr); + + if (gerr) { + btd_error(admin_policy->adapter_id, + "Failed to load ServiceAllowlist"); + g_error_free(gerr); + return; + } + + uuid_list = queue_new(); + for (i = 0; i < num; i++) { + bt_uuid_t *uuid = g_try_malloc(sizeof(*uuid)); + + if (!uuid) + goto failed; + + if (bt_string_to_uuid(uuid, *uuids)) { + + btd_error(admin_policy->adapter_id, + "Failed to convert '%s' to uuid struct", + *uuids); + + g_free(uuid); + goto failed; + } + + queue_push_tail(uuid_list, uuid); + uuids++; + } + + if (!service_allowlist_set(admin_policy, uuid_list)) + goto failed; + + return; +failed: + free_service_allowlist(uuid_list); +} + +static void load_policy_settings(struct btd_admin_policy *admin_policy) +{ + GKeyFile *key_file; + char *filename = ADMIN_POLICY_STORAGE; + struct stat st; + + if (stat(filename, &st) < 0) { + btd_error(admin_policy->adapter_id, + "Failed to get file %s information", + filename); + return; + } + + key_file = g_key_file_new(); + + g_key_file_load_from_file(key_file, filename, 0, NULL); + + key_file_load_service_allowlist(key_file, admin_policy); + + g_key_file_free(key_file); +} + static DBusMessage *set_service_allowlist(DBusConnection *conn, DBusMessage *msg, void *user_data) { @@ -179,7 +339,9 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, return btd_error_invalid_args(msg); } - if (!service_allowlist_set(admin_policy, uuid_list)) { + if (service_allowlist_set(admin_policy, uuid_list)) { + store_policy_settings(admin_policy); + } else { free_service_allowlist(uuid_list); return btd_error_failed(msg, "service_allowlist_set failed"); } @@ -200,7 +362,7 @@ static const GDBusMethodTable admin_policy_adapter_methods[] = { { } }; -void append_service_uuid(void *data, void *user_data) +static void append_service_uuid(void *data, void *user_data) { bt_uuid_t *uuid = data; DBusMessageIter *entry = user_data; @@ -305,6 +467,7 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) if (!policy_data) return -ENOMEM; + load_policy_settings(policy_data); adapter_path = adapter_get_path(adapter); if (!g_dbus_register_interface(dbus_conn, adapter_path, From patchwork Tue Aug 3 08:22:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491050 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BE71BC432BE for ; Tue, 3 Aug 2021 08:23:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A6F0560F48 for ; Tue, 3 Aug 2021 08:23:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234635AbhHCIX6 (ORCPT ); Tue, 3 Aug 2021 04:23:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52106 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234617AbhHCIX6 (ORCPT ); Tue, 3 Aug 2021 04:23:58 -0400 Received: from mail-qv1-xf4a.google.com (mail-qv1-xf4a.google.com [IPv6:2607:f8b0:4864:20::f4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2372C0613D5 for ; Tue, 3 Aug 2021 01:23:47 -0700 (PDT) Received: by mail-qv1-xf4a.google.com with SMTP id b8-20020a0562141148b02902f1474ce8b7so16785418qvt.20 for ; Tue, 03 Aug 2021 01:23:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=GUGK6mf2HhVtnM87+R/s6TG00Oczs2xSvSnRMURkPe8=; b=Pcq7c9gQYM5QQWeDId5jgTfElN0Ed7byzvEnjewy0Pn5oMFYdBHj+eRynVdr7lkRX7 9I6Qq6TvhlnkBc77su79v/FAuQvZvXRweXCMPT4RoJ4CjVLeeaFvHAytiMsUWW0ZXkYm cXLn4WmQ/bHqnvyehEUPRCiQJX5iLkC2V5or+EcDryLo592h8FujefrGjz7otN7D9yC7 51bDrQZML1GW70+c3lGBhFvbrp9/xkkdnga4ye09DVH4TIo6ePiHayUC/ZeD+e9f6cXr TVME01IUjiYeRHbreomwYsyOWZygdu3qVM/NPcnbHXLlSqpSiDXVy6jLvpN/jzWoyxes 9z/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=GUGK6mf2HhVtnM87+R/s6TG00Oczs2xSvSnRMURkPe8=; b=hw+O8GaBrKjv/sXnTD5PkIqxGm/f1FNRKPO5aEwtzhP1Ppy6cRhpAHBBaluiPq28lO ADp5XTXm8VL9qfmdQkCifG4gCuQt1oqam0M2Udzs2SejupyZOcS+ANYgUFxVE6vSSIUy 6VErLCJKYRInbYWB8xRYOM97sptF41xnE33SVa6Bw/4ECVWDYg6FkEhnkYwFv7ImDn5c zUhMamroyqTzDx4etP0Zv3r6S7IZnToa8es/+Pr4QGQxd+6x94mX4EaYkSkaFAxG1xNu 5TNfmqrqBoQTLejhDyAxY3eGPFkYmZyTm+0nPreYgNM5KXrxhRHnPm82ObOmHsuvoBTO HsJw== X-Gm-Message-State: AOAM5312K351qCUjIuXwaCY4zhSFNnNrZcsgB29nA0Ds/1mv/+RbWbIp SKgwG9Hmmz0pID60jDLYEtyMvqXmoWs0S0480m3YVmno6uXy11Da3gRQmRVKVR4vnIAh1d31y2o x+Wwr+lj80CFcuqP50ysSsOLI8xmtR0HIHp2N1oz05o/txs6dhYKma6V957qcRd1+oycUvbD4I3 2US6IAUJCu62g= X-Google-Smtp-Source: ABdhPJxO8gHjUohPfA1AlvKFeD7dTS6ZwAj2xbOaxmaXFEbwXmG+JY0yyCCuT5eKbHWcpTRBzRE+XXTD/5c/gqDzyw== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a05:6214:1021:: with SMTP id k1mr20497623qvr.4.1627979026751; Tue, 03 Aug 2021 01:23:46 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:36 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.12.I433ab6a7ac1d4f8f8dea496ac14bdbf3597015d3@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 12/13] doc: add description of admin policy From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds admin-policy-api.txt. Reviewed-by: Miao-chen Chou --- (no changes since v1) doc/admin-policy-api.txt | 65 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 doc/admin-policy-api.txt diff --git a/doc/admin-policy-api.txt b/doc/admin-policy-api.txt new file mode 100644 index 000000000000..3f116901dbd7 --- /dev/null +++ b/doc/admin-policy-api.txt @@ -0,0 +1,65 @@ +BlueZ D-Bus Admin Policy API description +*********************************** + +This API provides methods to control the behavior of bluez as an administrator. + +Interface AdminPolicySet1 provides methods to set policies. Once the policy is +set successfully, it will affect all clients and stay persistently even after +restarting Bluetooth Daemon. The only way to clear it is to overwrite the +policy with the same method. + +Interface AdminPolicyStatus1 provides readonly properties to indicate the +current values of admin policy. + + +Admin Policy Set hierarchy +================= + +Service org.bluez +Interface org.bluez.AdminPolicySet1 +Object path [variable prefix]/{hci0,hci1,...} + +Methods void SetServiceAllowList(array{string} UUIDs) + + This method sets the service allowlist by specifying + service UUIDs. + + When SetServiceAllowList is called, bluez will block + incoming and outgoing connections to the service not in + UUIDs for all of the clients. + + Any subsequent calls to this method will supersede any + previously set allowlist values. Calling this method + with an empty array will allow any service UUIDs to be + used. + + The default value is an empty array. + + Possible errors: org.bluez.Error.InvalidArguments + org.bluez.Error.Failed + + +Admin Policy Status hierarchy +================= + +Service org.bluez +Interface org.bluez.AdminPolicyStatus1 +Object path [variable prefix]/{hci0,hci1,...} + +Properties array{string} ServiceAllowList [readonly] + + Current value of service allow list. + + + +Admin Policy Status hierarchy +================= + +Service org.bluez +Interface org.bluez.AdminPolicyStatus1 +Object path [variable prefix]/{hci0,hci1,...}/dev_XX_XX_XX_XX_XX_XX + +Properties bool IsAffectedByPolicy [readonly] + + Indicate if there is any auto-connect profile in this + device is not allowed by admin policy. From patchwork Tue Aug 3 08:22:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 491798 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-21.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01BABC4338F for ; Tue, 3 Aug 2021 08:23:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DF85060EFF for ; Tue, 3 Aug 2021 08:23:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234423AbhHCIYC (ORCPT ); Tue, 3 Aug 2021 04:24:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52124 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234469AbhHCIYC (ORCPT ); Tue, 3 Aug 2021 04:24:02 -0400 Received: from mail-qk1-x74a.google.com (mail-qk1-x74a.google.com [IPv6:2607:f8b0:4864:20::74a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 747E1C06175F for ; Tue, 3 Aug 2021 01:23:51 -0700 (PDT) Received: by mail-qk1-x74a.google.com with SMTP id t191-20020a37aac80000b02903b9402486c5so16118560qke.13 for ; Tue, 03 Aug 2021 01:23:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=IspAzGAMuGHmQUhDBsbcIwOoqtAeGv0Fzajl8rOsFOg=; b=GdQMmOAxF0J6ek9RjsAE9MDaki+x9Z3zUrcK0Di+obQRHKN5TPsPVz+Mi0hAAJjFuU U9rW5ZF2/4DUwzdmchPKqQ/MDgfBcNeNBdB02OIwpwaI5+R/r9YLq8JcE6IvpVVJROEP ThWaF/TsYxB2FlEf5NYEGKWnf4VJA1A7TLZkRx8OswMwk8mJv8DSACorafHuVjLk4Tn+ O//oEKIM/SSshpj0MJCP45eY0V+ZEcQFNiL2oCgquvIAhEILePXlSAVSHmF9e6Uq2pog pvs+lkd28gDxH9xErMz0i9TdtTRtouqb4EkR8If0p8byfLs0jT3P5Cmv0iLvFWoDgsZP DV2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=IspAzGAMuGHmQUhDBsbcIwOoqtAeGv0Fzajl8rOsFOg=; b=jZ5Bku/oj6blc0yJLRiZZCFTNF0lp3JJ9FNkjf/dNobn+btZ8yJt9U5rCrr7tmuOSd pvPEyJLJozNSPIcOGkvDVejNXVoJua6XqgtayCuOjg7aIr8gknLaADTatmMV6QOlPyfx OJQjuFP6XrfuxScYva+0L3AdAlfYS6jJZgmUZH14qaZZX7wjcRe9wYkTyhDYstzRI4nn qDBaLx1a/3x6XFJJciW4monnoOqRwoQo8r23XuStnTWZ86L4ZSBmWRY+TEB/yM8bR1YN gcOtO6sOZCxYU6tZ8mwFHlHW9XSQS4PoX/GFUSAbjGYiAkvbFB54B58GPouGknMe/+83 tJFA== X-Gm-Message-State: AOAM531Vn8Q4NoE+R3O6ohP84FEyxh1jZzPdiFvsbCp8yCqFlhGYe/vf VpY/xzku6GhJIrhVPECtUFHPVUwjItD7dzSqtl7qSmQRIwIr72gzel3diGnWha9pQFhj3NAL2Jf tCWP3643jXXky51KqGqftJvYhGk+L4B9o7qHXZ1QzpZbsZTtoRNg92rj7Jdi4o21Rft65cv/Jf+ TAiHSdd20bRw4= X-Google-Smtp-Source: ABdhPJx/2/B4d6cDTLcuDoyk6mTRBT6RdWkLUWnAG/MMTw53Qn/8U2tGCgdDv04/6qVVuQwBkYUkUqkY3w0REyUvEA== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ef55:8161:c77b:7a8d]) (user=howardchung job=sendgmr) by 2002:a05:6214:1d0a:: with SMTP id e10mr5607028qvd.15.1627979030541; Tue, 03 Aug 2021 01:23:50 -0700 (PDT) Date: Tue, 3 Aug 2021 16:22:37 +0800 In-Reply-To: <20210803082237.723766-1-howardchung@google.com> Message-Id: <20210803161319.Bluez.v8.13.Ide727bc4654c80ce67a268b624a6c5a0f79a11e1@changeid> Mime-Version: 1.0 References: <20210803082237.723766-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v8 13/13] doc: add admin policy file storage description From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds storage description of admin policy file in doc/settings-storage.txt --- (no changes since v1) doc/settings-storage.txt | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/doc/settings-storage.txt b/doc/settings-storage.txt index d21150f09ecb..1d96cd66d94f 100644 --- a/doc/settings-storage.txt +++ b/doc/settings-storage.txt @@ -36,6 +36,7 @@ root, named based on the address, which contains: - a settings file for the local adapter - an attributes file containing attributes of supported LE services + - an admin policy file containing current values of admin policies - a cache directory containing: - one file per device, named by remote device address, which contains device name @@ -50,6 +51,7 @@ So the directory structure is: /var/lib/bluetooth// ./settings ./attributes + ./admin_policy_settings ./cache/ ./ ./ @@ -140,6 +142,24 @@ Sample: Value=4578616D706C6520446576696365 +Admin Policy file format +====================== + +The admin policy file stores the current value of each admin policy. + +[General] group contains: + + ServiceAllowlist List of List of service UUID allowed by + strings adapter in 128-bits format, separated + by ','. Default is empty. + +Sample: + [General] + ServiceAllowlist= + + + + CCC file format ======================