diff mbox series

[BlueZ,v2,1/2] gatt: allow GATT server to dicate CCC permissions

Message ID 20210929180031.417090-2-dmartinez@starry.com (mailing list archive)
State Superseded
Headers show
Series Optionally require security for notify/indicate | expand

Checks

Context Check Description
tedd_an/checkpatch success Checkpatch PASS
tedd_an/gitlint success Gitlint PASS
tedd_an/setupell success Setup ELL PASS
tedd_an/buildprep success Build Prep PASS
tedd_an/build success Build Configuration PASS
tedd_an/makecheck fail Make Check FAIL: src/gatt-database.c: In function ‘service_add_ccc’: src/gatt-database.c:1060:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement] 1060 | uint32_t permissions = BT_ATT_PERM_READ | BT_ATT_PERM_WRITE; | ^~~~~~~~ cc1: all warnings being treated as errors make[1]: *** [Makefile:9212: src/bluetoothd-gatt-database.o] Error 1 make: *** [Makefile:10443: check] Error 2
tedd_an/makedistcheck success Make Distcheck PASS
tedd_an/build_extell success Build External ELL PASS
tedd_an/build_extell_make fail Build Make with External ELL FAIL: src/gatt-database.c: In function ‘service_add_ccc’: src/gatt-database.c:1060:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement] 1060 | uint32_t permissions = BT_ATT_PERM_READ | BT_ATT_PERM_WRITE; | ^~~~~~~~ cc1: all warnings being treated as errors make[1]: *** [Makefile:9212: src/bluetoothd-gatt-database.o] Error 1 make: *** [Makefile:4151: all] Error 2

Commit Message

Dagan Martinez Sept. 29, 2021, 6 p.m. UTC 
Allow a GATT server to impose permissions/restrictions on a CCC by
setting additional `X-asynchronous` permissions on its associated
characteristic.

This allows a developer to require encryption/authentication in order
for a GATT client to subscribe to server-initiated updates.

Test procedure:
Attempt to read/write with a "low" security level on an unprotected CCC
using gatttool, and succeed
Attempt to READ with a "low" security level on an protected CCC
using gatttool, and succeed
Attempt to WRITE with a "low" security level on an protected CCC
using gatttool, and fail
Attempt to read/write while paired on a protected CCC using
`bluetoothctl`, and succeed
---
 src/gatt-database.c    | 30 ++++++++++++++++++++++++++----
 src/shared/att-types.h |  4 ++++
 2 files changed, 30 insertions(+), 4 deletions(-)

Comments

bluez.test.bot@gmail.com Sept. 29, 2021, 6:39 p.m. UTC | #1 
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=555169

---Test result---

Test Summary:
CheckPatch                    PASS      2.64 seconds
GitLint                       PASS      1.90 seconds
Prep - Setup ELL              PASS      42.17 seconds
Build - Prep                  PASS      0.46 seconds
Build - Configure             PASS      7.81 seconds
Build - Make                  FAIL      149.53 seconds
Make Check                    FAIL      1.57 seconds
Make Distcheck                PASS      213.11 seconds
Build w/ext ELL - Configure   PASS      7.91 seconds
Build w/ext ELL - Make        FAIL      141.46 seconds

Details
##############################
Test: Build - Make - FAIL
Desc: Build the BlueZ source tree
Output:
src/gatt-database.c: In function ‘service_add_ccc’:
src/gatt-database.c:1060:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
 1060 |  uint32_t permissions = BT_ATT_PERM_READ | BT_ATT_PERM_WRITE;
      |  ^~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:9212: src/bluetoothd-gatt-database.o] Error 1
make: *** [Makefile:4151: all] Error 2


##############################
Test: Make Check - FAIL
Desc: Run 'make check'
Output:
src/gatt-database.c: In function ‘service_add_ccc’:
src/gatt-database.c:1060:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
 1060 |  uint32_t permissions = BT_ATT_PERM_READ | BT_ATT_PERM_WRITE;
      |  ^~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:9212: src/bluetoothd-gatt-database.o] Error 1
make: *** [Makefile:10443: check] Error 2


##############################
Test: Build w/ext ELL - Make - FAIL
Desc: Build BlueZ source with '--enable-external-ell' configuration
Output:
src/gatt-database.c: In function ‘service_add_ccc’:
src/gatt-database.c:1060:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
 1060 |  uint32_t permissions = BT_ATT_PERM_READ | BT_ATT_PERM_WRITE;
      |  ^~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:9212: src/bluetoothd-gatt-database.o] Error 1
make: *** [Makefile:4151: all] Error 2




---
Regards,
Linux Bluetooth
diff mbox series

Patch

diff --git a/src/gatt-database.c b/src/gatt-database.c
index 1f7ce5f02..4e7938565 100644
--- a/src/gatt-database.c
+++ b/src/gatt-database.c
@@ -1044,6 +1044,7 @@  service_add_ccc(struct gatt_db_attribute *service,
 				struct btd_gatt_database *database,
 				btd_gatt_database_ccc_write_t write_callback,
 				void *user_data,
+				uint32_t parent_permissions,
 				btd_gatt_database_destroy_t destroy)
 {
 	struct gatt_db_attribute *ccc;
@@ -1052,9 +1053,23 @@  service_add_ccc(struct gatt_db_attribute *service,
 
 	ccc_cb = new0(struct ccc_cb_data, 1);
 
+	/*
+	 * Provide a way for the permissions on a characteristic to dictate
+	 * the permissions on the CCC
+	 */
+	uint32_t permissions = BT_ATT_PERM_READ | BT_ATT_PERM_WRITE;
+
+	if (parent_permissions & BT_ATT_PERM_ASYNCHRONOUS_ENCRYPT)
+		permissions |= BT_ATT_PERM_WRITE_ENCRYPT;
+
+	if (parent_permissions & BT_ATT_PERM_ASYNCHRONOUS_AUTHEN)
+		permissions |= BT_ATT_PERM_WRITE_AUTHEN;
+
+	if (parent_permissions & BT_ATT_PERM_ASYNCHRONOUS_SECURE)
+		permissions |= BT_ATT_PERM_WRITE_SECURE;
+
 	bt_uuid16_create(&uuid, GATT_CLIENT_CHARAC_CFG_UUID);
-	ccc = gatt_db_service_add_descriptor(service, &uuid,
-				BT_ATT_PERM_READ | BT_ATT_PERM_WRITE,
+	ccc = gatt_db_service_add_descriptor(service, &uuid, permissions,
 				gatt_ccc_read_cb, gatt_ccc_write_cb, database);
 	if (!ccc) {
 		error("Failed to create CCC entry in database");
@@ -1211,7 +1226,7 @@  static void populate_gatt_service(struct btd_gatt_database *database)
 				NULL, NULL, database);
 
 	database->svc_chngd_ccc = service_add_ccc(service, database, NULL, NULL,
-									NULL);
+								    0, NULL);
 
 	bt_uuid16_create(&uuid, GATT_CHARAC_CLI_FEAT);
 	database->cli_feat = gatt_db_service_add_characteristic(service,
@@ -1674,6 +1689,13 @@  static bool parse_chrc_flags(DBusMessageIter *array, uint8_t *props,
 			*perm |= BT_ATT_PERM_WRITE | BT_ATT_PERM_WRITE_SECURE;
 		} else if (!strcmp("authorize", flag)) {
 			*req_prep_authorization = true;
+		} else if (!strcmp("encrypt-asynchronous", flag)) {
+			*perm |= BT_ATT_PERM_ASYNCHRONOUS_ENCRYPT;
+		} else if (!strcmp(
+				"encrypt-authenticated-asynchronous", flag)) {
+			*perm |= BT_ATT_PERM_ASYNCHRONOUS_AUTHEN;
+		} else if (!strcmp("secure-asynchronous", flag)) {
+			*perm |= BT_ATT_PERM_ASYNCHRONOUS_SECURE;
 		} else {
 			error("Invalid characteristic flag: %s", flag);
 			return false;
@@ -2773,7 +2795,7 @@  static bool database_add_ccc(struct external_service *service,
 		return true;
 
 	chrc->ccc = service_add_ccc(service->attrib, service->app->database,
-						ccc_write_cb, chrc, NULL);
+					ccc_write_cb, chrc, chrc->perm, NULL);
 	if (!chrc->ccc) {
 		error("Failed to create CCC entry for characteristic");
 		return false;
diff --git a/src/shared/att-types.h b/src/shared/att-types.h
index a08b24155..554441aca 100644
--- a/src/shared/att-types.h
+++ b/src/shared/att-types.h
@@ -137,6 +137,10 @@  struct bt_att_pdu_error_rsp {
 					BT_ATT_PERM_WRITE_AUTHEN | \
 					BT_ATT_PERM_WRITE_ENCRYPT | \
 					BT_ATT_PERM_WRITE_SECURE)
+/* Permissions to be applied to the CCC */
+#define BT_ATT_PERM_ASYNCHRONOUS_ENCRYPT 0x0400
+#define BT_ATT_PERM_ASYNCHRONOUS_AUTHEN 0x0800
+#define BT_ATT_PERM_ASYNCHRONOUS_SECURE 0x1000
 
 /* GATT Characteristic Properties Bitfield values */
 #define BT_GATT_CHRC_PROP_BROADCAST			0x01