From patchwork Thu Apr 1 10:24:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12177775 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4234C41602 for ; Thu, 1 Apr 2021 10:28:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C91746113C for ; Thu, 1 Apr 2021 10:28:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234355AbhDAK2L (ORCPT ); Thu, 1 Apr 2021 06:28:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50578 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234236AbhDAK1u (ORCPT ); Thu, 1 Apr 2021 06:27:50 -0400 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9F6B4C06178C for ; Thu, 1 Apr 2021 03:25:20 -0700 (PDT) Received: by mail-pj1-x104a.google.com with SMTP id lj2so3359004pjb.1 for ; Thu, 01 Apr 2021 03:25:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=juhixWLyicFTt7f+uaGnUssgbkazntw8va11il35Aco=; b=d+mdMLYXGpUiXb/0heJwjiqdBqBIYR/EzMM88l1RFE+HvpLDBVfGAV0+YK43YSZmD/ 3Lo80wJZC5VoxCqZO/ylthV3MMWPiXJdzLmvUe4a2NRpsceSOGzPSn50LbBBVd4Bo98l gdjRHB9Lf450d5fhMvpjVn+AJsVWZaINpbpaAfju3BlJSxeXO5jQtEKD2taf/wa6mcp/ RfAUA/WGkJstxuspWc7EyDEt+wg44Puaw6PwyQqyXr2InBIHyWq4rSHbnsluA8CDfzKU mV2QFEk8WWEuNyxgASfKWZfmays9qE8MihZe3m0IPWBLYzOSHh4EOUfkAc3sWblkhLwN Bajg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=juhixWLyicFTt7f+uaGnUssgbkazntw8va11il35Aco=; b=PNm5Ohqfz39s+CxFPlJTVqMcRhn2qGpS3UiLkOyUU8cvBYg7H6xlYxKS/jN8f1teQv x2mBZtrELh7IhfCOyY5WApHufrhBVx5MTq396GbDahodMouKjDmYAP82UWwdmlzFR7hU BUGyTs8T5aHo3SPdON1HdFMJMaYeT1NggoCS56OPyZ2Nx/S6LVpiGn/jhE6G7fvAspJi SzU5i2UlGxCOIzfdi8J3CpiqdFNZpN6sQxFxjo/gVnUucdbaZgKxLARo3QEXo7IZG9FD WgKlL0t7vytnso8kXerz7AWZNIWtKBrRJMrPIkwQhwbYpNRKhNO+sD7yzDZHHI9YCsZW hEZA== X-Gm-Message-State: AOAM530ci80+hGNdx3rW4wBxqvWP+55EBgVSnunSdoURhpPZtF+5dBNh LREwnEfJocouvQX+5+ymkLI5g1tjmg4NXUkCixBXSgKMpMPh6U2AT2LOpBkYtCRQeAzNuuE8T1l 662KKiRUm8yWta+BVpKeXqT7s+WOlKQFw/aKd1sO5cWuD/LiE/9tDcgm8EccZEpPxXJI9yGYOgy Az/y5fD1kNSLk= X-Google-Smtp-Source: ABdhPJzo0ZYKEVOCzxXvIZrrcuL7G04/JHRV4Q21VBDd8gldtomSkgysGgqCgOyxB3qRaJmFOX+ig8gN6EogSpnOqw== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ad88:abe:9fd5:a5fc]) (user=howardchung job=sendgmr) by 2002:a17:90a:8b97:: with SMTP id z23mr309500pjn.1.1617272719582; Thu, 01 Apr 2021 03:25:19 -0700 (PDT) Date: Thu, 1 Apr 2021 18:24:40 +0800 In-Reply-To: <20210401102447.3958224-1-howardchung@google.com> Message-Id: <20210401182328.Bluez.1.I42e9182418d46012ec4b01562f2e0f18840e90d5@changeid> Mime-Version: 1.0 References: <20210401102447.3958224-1-howardchung@google.com> X-Mailer: git-send-email 2.31.0.291.g576ba9dcdaf-goog Subject: [Bluez PATCH 1/8] doc: add description of SetServiceAllowList From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Howard Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org This adds description of SetServiceAllowList. Reviewed-by: Miao-chen Chou --- doc/admin_policy-api.txt | 34 ++++++++++++++++++++++++++++++++++ doc/device-api.txt | 7 +++++++ 2 files changed, 41 insertions(+) create mode 100644 doc/admin_policy-api.txt diff --git a/doc/admin_policy-api.txt b/doc/admin_policy-api.txt new file mode 100644 index 000000000000..dd957351506a --- /dev/null +++ b/doc/admin_policy-api.txt @@ -0,0 +1,34 @@ +BlueZ D-Bus Adapter API description +*********************************** + + +Adapter hierarchy +================= + +Service org.bluez +Interface org.bluez.AdminPolicy1 +Object path [variable prefix]/{hci0,hci1,...} + +Methods void SetServiceAllowList(array{string} UUIDs) [experimental] + + This method sets the service allowlist by specifying + service UUIDs. + + When SetServiceAllowList is called, bluez will first + disconnect all the pending/existing connections and + block future incoming and outgoing connections to + the service in UUIDs for all of the clients once it + finished. + + Any subsequent calls to this method will supersede any + previously set allowlist values. Calling this method + with an empty array will allow any service UUIDs to be + used. + + Possible errors: org.bluez.Error.InvalidArguments + org.bluez.Error.Failed + + +Properties array{string} ServiceAllowList [readonly, experimental] + + Current value of service allow list. diff --git a/doc/device-api.txt b/doc/device-api.txt index 4e824d2dec17..774ee046cc92 100644 --- a/doc/device-api.txt +++ b/doc/device-api.txt @@ -272,3 +272,10 @@ Properties string Address [readonly] Example: 0x26 0x01 0x01... + + bool IsBlockedByPolicy [readonly, experimental] + + Indicate whether or not this device is blocked by admin + policy. This would be true if any of its auto-connect + service does not exist in the ServiceAllowList under + org.bluez.AdminPolicy1. From patchwork Thu Apr 1 10:24:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12177769 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9264C4360C for ; Thu, 1 Apr 2021 10:28:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A5951606A5 for ; Thu, 1 Apr 2021 10:28:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234362AbhDAK2M (ORCPT ); Thu, 1 Apr 2021 06:28:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50580 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234238AbhDAK1u (ORCPT ); Thu, 1 Apr 2021 06:27:50 -0400 Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5FFC5C061793 for ; Thu, 1 Apr 2021 03:25:24 -0700 (PDT) Received: by mail-pl1-x649.google.com with SMTP id y19so2804379pll.8 for ; Thu, 01 Apr 2021 03:25:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=cO4AVl4n279ebsWSUVFtNX9Qx+EUeBMaQw67JXUvSvY=; b=OCei/5zVNsnGKUZw/jxr29YLvkaNFnXaGn9oEn8VZeExRh/oEitNruJq0TT/H6TMVP CSdFhCApRUSTeUeRho4mWiRZnS4LNz8Fa/XrU3K0tLtPl8PC+9KVyBm/al/LpK2mBkiM ipleuFc1WT4I2xh23BNAfXrYLgRUpsx4ntoRuppC4UjuhJzKEgKprH0Pl1bbh1g2mLKV 7PMM8KIRLXFAZx77k/zYWGGfqKW/BA7vqexli+EWxvHTS2LRExUarCWsK5jsjjgleRpt Q4g5EtoUf7DpgfEr5GZ/Qr2wphwSA8gmae+Tb/aP2f5iRCljdPXjVAteFAPHGiJNqZqB LeeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=cO4AVl4n279ebsWSUVFtNX9Qx+EUeBMaQw67JXUvSvY=; b=FAXaMYoY7kRqKC891n1W7r+HoB3wzN+r/V/++867GndhefHMiR8eQ9qycjtO+dZ27n 8epB0D0zfdtHlYULDscpho4zECeTBwKq6lXiOF/f/l2QGuqUcGUUi1NHfkPN7Cmsj5kr Y5bC/ns2z4EULaSYjXh2gNsm4tu7I4W8Vn7WTv7oKlMK7v0mNxYr21XsAtNrcJl6RqPD ZNWxFkov3x/lBoJwFlqg+t0gzbiKAa2przNnJG9C1pLe3NGCCASgGlIrF46PJmRLv91w vl2aF+CInUSNCtNVJsspVgKwECewLPZS+T4VXQS93qTh7ymlY4Bkz8ACfwbmHhf1Tq/E 8W2A== X-Gm-Message-State: AOAM5303C0tMxFXM13L6GlONTHfFQFnhD6QpY0ebp6SwgXryhwVs9fcE nbYt1G/Rn5Tjv2lItzuKbP2eSw6ueYzq9Ne4iGwCjB8bxoia4we9HrwglSB6fTPPQxuGKKsa/Z0 NGl7w4TDV6EURQlu7yxl4fbv2rriq/Y6Z0HJOCb8WV5mAQ6ZtpSd9nyWQVIc9kdR1jER9cxD63W D2jwV7B09/SEk= X-Google-Smtp-Source: ABdhPJxrmGyVPY6/ctS/LJ6ng7gEpEp623G11Mme8vTJgQ0RZE2FGlUu712qVrpFjYoqZww06MHPtbL2CInCxTRwtQ== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ad88:abe:9fd5:a5fc]) (user=howardchung job=sendgmr) by 2002:a62:7f86:0:b029:20a:a195:bb36 with SMTP id a128-20020a627f860000b029020aa195bb36mr6976280pfd.4.1617272723719; Thu, 01 Apr 2021 03:25:23 -0700 (PDT) Date: Thu, 1 Apr 2021 18:24:41 +0800 In-Reply-To: <20210401102447.3958224-1-howardchung@google.com> Message-Id: <20210401182328.Bluez.2.I2d1b00997951634dac9ea09da39fc9340ba7256b@changeid> Mime-Version: 1.0 References: <20210401102447.3958224-1-howardchung@google.com> X-Mailer: git-send-email 2.31.0.291.g576ba9dcdaf-goog Subject: [Bluez PATCH 2/8] lib: add hash functions for bt_uuid_t From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Howard Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org This adds function GHashFunc and GEqualFunc for bt_uuid_t. With these functions, we can add uuids into a GHashTable with bt_uuid_t format. Reviewed-by: Miao-chen Chou --- lib/uuid.c | 21 +++++++++++++++++++++ lib/uuid.h | 3 +++ 2 files changed, 24 insertions(+) diff --git a/lib/uuid.c b/lib/uuid.c index a09321dc6ed1..0b0ddb3fc9d2 100644 --- a/lib/uuid.c +++ b/lib/uuid.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "lib/bluetooth.h" #include "uuid.h" @@ -120,6 +121,26 @@ int bt_uuid_cmp(const bt_uuid_t *uuid1, const bt_uuid_t *uuid2) return bt_uuid128_cmp(&u1, &u2); } +guint bt_uuid_hash(gconstpointer key) +{ + const bt_uuid_t *uuid = key; + bt_uuid_t uuid_128; + uint64_t *val; + + bt_uuid_to_uuid128(uuid, &uuid_128); + val = (uint64_t *)&uuid_128.value.u128; + + return g_int64_hash(val) ^ g_int64_hash(val+1); +} + +gboolean bt_uuid_equal(gconstpointer v1, gconstpointer v2) +{ + const bt_uuid_t *uuid1 = v1; + const bt_uuid_t *uuid2 = v2; + + return bt_uuid_cmp(uuid1, uuid2) == 0; +} + /* * convert the UUID to string, copying a maximum of n characters. */ diff --git a/lib/uuid.h b/lib/uuid.h index 1a4029b68730..e47ccccb9fd2 100644 --- a/lib/uuid.h +++ b/lib/uuid.h @@ -17,6 +17,7 @@ extern "C" { #endif #include +#include #define GENERIC_AUDIO_UUID "00001203-0000-1000-8000-00805f9b34fb" @@ -167,6 +168,8 @@ int bt_uuid128_create(bt_uuid_t *btuuid, uint128_t value); int bt_uuid_cmp(const bt_uuid_t *uuid1, const bt_uuid_t *uuid2); void bt_uuid_to_uuid128(const bt_uuid_t *src, bt_uuid_t *dst); +guint bt_uuid_hash(gconstpointer key); +gboolean bt_uuid_equal(gconstpointer v1, gconstpointer v2); #define MAX_LEN_UUID_STR 37 From patchwork Thu Apr 1 10:24:42 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12177767 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 523AAC43462 for ; Thu, 1 Apr 2021 10:28:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2250961056 for ; Thu, 1 Apr 2021 10:28:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234342AbhDAK2H (ORCPT ); Thu, 1 Apr 2021 06:28:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234043AbhDAK1u (ORCPT ); Thu, 1 Apr 2021 06:27:50 -0400 Received: from mail-qv1-xf49.google.com (mail-qv1-xf49.google.com [IPv6:2607:f8b0:4864:20::f49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D7D5C061794 for ; Thu, 1 Apr 2021 03:25:28 -0700 (PDT) Received: by mail-qv1-xf49.google.com with SMTP id s16so3070759qvw.3 for ; Thu, 01 Apr 2021 03:25:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=sZxMhDh4PtQpDZAAlBmJ6imAFzM4bpWjjnSVavxASeE=; b=kcIAz15S1VRQY3Lv9eXJo3MkYSLniXTN9YNh2jw8Nq2SVVPoE2BxWZV12eUeVj3brz IVxSJfnq2ijne/JjOVl25Eku2xKcskrwNLBoFkailYuBg0uMYdewL5UZ9j+TgS/7WNdD RrxzS1faUSdcZLJlMsiFLFGNg0keWj6XcxJJbd/6RwkwFR3D3eVVJ8oRqeE2A3rkc2aF IuikG/Gif9IvaRZ4iX5OcyR9kWtUSfQKH90PkY8XOmQEr8JBERh6fXu+2fbQZRo3652P ZvFvVHlNbikMgjv1OGnYnOD9M8BOyGPR6Xw3+8UCZWBB8cBvClTzcc47SWlwswU+0zDb PgBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=sZxMhDh4PtQpDZAAlBmJ6imAFzM4bpWjjnSVavxASeE=; b=IMH01XnI0O0rEOskBALlnK3TEziC36Emga1XRTiZ1kDzF4EKZUN/CaHDrnIyHLW7J0 TLJ0piyl/m7d6CzZEmuTowBfOTgGnjjSb+DtmQeR4jBNR9MyGiqJ3FVWDSLhFh3X547T VhXUH9r6D7rEDiMUTwHMzzGCOSmFe1Nq7NQJuIzh1xs0IcshQ+v6C3dsh9YwDWmDwSOd 49R6GMLfHPeL7VYtxxs+LBSOWw7KhV2I4pTqh78luH4N3rTaoJ3q+83VggbQCgYhOEXu PfCShL39Uf9/Q3gcFmp1DPPysBiOWzdLEb0J6Mz8T6PMz2u+BVzDOlgItDvKI4VbpexI u5ow== X-Gm-Message-State: AOAM530SKsyoSheJM+eSkG3a6jw8doUeL1xwNbZK5pIUjUfaVWBaNYVJ uPgQ6SwrwAbONE55lGXJ8QUKIXY9uV793paYbMrFmZO9aW9crtU0ZE3bA+5xh17q2uUt0JvZynb +d3onCdmRlA78vB/4fcXlUNLT0SeqijzvI4l/ydN0u4kGVi3cNq4UHdE/jPPX38W/CdvLT0nPKA RD62exW/uTB+A= X-Google-Smtp-Source: ABdhPJzOI4B3faUyBrBSHshRchUlDa18ID+9UH1s7P+fDKeYB/xpP7bN9nFFdnbErV3aaanbxnGfKO+V4AuGPEpLdQ== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ad88:abe:9fd5:a5fc]) (user=howardchung job=sendgmr) by 2002:ad4:5429:: with SMTP id g9mr7586296qvt.39.1617272727647; Thu, 01 Apr 2021 03:25:27 -0700 (PDT) Date: Thu, 1 Apr 2021 18:24:42 +0800 In-Reply-To: <20210401102447.3958224-1-howardchung@google.com> Message-Id: <20210401182328.Bluez.3.Id809d31b709b20f4977977fb92d49db2d4a62067@changeid> Mime-Version: 1.0 References: <20210401102447.3958224-1-howardchung@google.com> X-Mailer: git-send-email 2.31.0.291.g576ba9dcdaf-goog Subject: [Bluez PATCH 3/8] core: add AdminPolicy Interface From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Howard Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org This patch adds a new interface org.bluez.AdminPolicy for Administrator to have better control on Bluetooth behaviors. This patch also adds a method SetServiceAllowlist under AdminPolicy to only allow incoming and outgoing connections to the service in the allowlist for all of the clients. For existing connections, bluez will send disconnect request to all of them in case some of them are not allowed by the policy. For outgoing connections, services not in the allowlist would be removed from its pending list when trying to connect. For incoming connections, profiles not in the allowlist would be unregistered when policy is set and would be re-registered when policy is relaxed. For GATT profiles, if it is a system defined profile, e.g. HoG, we disallow the connection if any of its mandatory service is not in the allowlist. Since each profile defines different mandatory services, we'll handle it profile by profile in the future patches. If this is not a system defined profile, we only accept its service connection if it is in allowlist. Reviewed-by: Miao-chen Chou --- Makefile.am | 3 +- src/adapter.c | 45 ++++++++- src/adapter.h | 4 + src/admin_policy.c | 240 +++++++++++++++++++++++++++++++++++++++++++++ src/admin_policy.h | 23 +++++ src/device.c | 51 +++++++++- src/device.h | 1 + src/profile.c | 39 ++++++++ src/profile.h | 5 + src/service.c | 21 ++++ src/service.h | 1 + 11 files changed, 428 insertions(+), 5 deletions(-) create mode 100644 src/admin_policy.c create mode 100644 src/admin_policy.h diff --git a/Makefile.am b/Makefile.am index 7fce2e7c04ad..5a2b65783591 100644 --- a/Makefile.am +++ b/Makefile.am @@ -297,7 +297,8 @@ src_bluetoothd_SOURCES = $(builtin_sources) \ src/dbus-common.c src/dbus-common.h \ src/eir.h src/eir.c \ src/adv_monitor.h src/adv_monitor.c \ - src/battery.h src/battery.c + src/battery.h src/battery.c \ + src/admin_policy.h src/admin_policy.c src_bluetoothd_LDADD = lib/libbluetooth-internal.la \ gdbus/libgdbus-internal.la \ src/libshared-glib.la \ diff --git a/src/adapter.c b/src/adapter.c index 2fa06b73c240..5531ed0e2246 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -66,6 +66,7 @@ #include "gatt-database.h" #include "advertising.h" #include "adv_monitor.h" +#include "admin_policy.h" #include "eir.h" #include "battery.h" @@ -260,6 +261,8 @@ struct btd_adapter { struct btd_battery_provider_manager *battery_provider_manager; + struct btd_admin_policy *admin_policy; + gboolean initialized; GSList *pin_callbacks; @@ -3480,6 +3483,32 @@ static DBusMessage *connect_device(DBusConnection *conn, return NULL; } +static void disconnect_device(gpointer data, gpointer user_data) +{ + struct btd_device *device = data; + + if (btd_device_is_connected(device)) + device_request_disconnect(device, NULL); +} + +void btd_adapter_disconnect_all_devices(struct btd_adapter *adapter) +{ + g_slist_foreach(adapter->connections, disconnect_device, NULL); +} + +static void update_device_is_blocked_by_policy(void *data, void *user_data) +{ + struct btd_device *device = data; + + btd_device_update_is_blocked_by_policy(device); +} + +void btd_adapter_refresh_is_blocked_by_policy(struct btd_adapter *adapter) +{ + g_slist_foreach(adapter->devices, update_device_is_blocked_by_policy, + NULL); +} + static const GDBusMethodTable adapter_methods[] = { { GDBUS_ASYNC_METHOD("StartDiscovery", NULL, NULL, start_discovery) }, { GDBUS_METHOD("SetDiscoveryFilter", @@ -4688,7 +4717,7 @@ static void probe_profile(struct btd_profile *profile, void *data) struct btd_adapter *adapter = data; int err; - if (profile->adapter_probe == NULL) + if (profile->adapter_probe == NULL || profile->is_blocked_by_policy) return; err = profile->adapter_probe(profile, adapter); @@ -6372,6 +6401,9 @@ static void adapter_remove(struct btd_adapter *adapter) btd_battery_provider_manager_destroy(adapter->battery_provider_manager); adapter->battery_provider_manager = NULL; + btd_admin_policy_destroy(adapter->admin_policy); + adapter->admin_policy = NULL; + g_slist_free(adapter->pin_callbacks); adapter->pin_callbacks = NULL; @@ -6873,6 +6905,14 @@ struct agent *adapter_get_agent(struct btd_adapter *adapter) return agent_get(NULL); } +bool btd_adapter_uuid_is_allowed(struct btd_adapter *adapter, const char *uuid) +{ + if (!adapter || !adapter->admin_policy) + return true; + + return btd_admin_policy_uuid_is_allowed(adapter->admin_policy, uuid); +} + static void adapter_remove_connection(struct btd_adapter *adapter, struct btd_device *device, uint8_t bdaddr_type) @@ -8660,6 +8700,9 @@ static int adapter_register(struct btd_adapter *adapter) agent_unref(agent); } + if (g_dbus_get_flags() & G_DBUS_FLAG_ENABLE_EXPERIMENTAL) + adapter->admin_policy = btd_admin_policy_create(adapter); + /* Don't start GATT database and advertising managers on * non-LE controllers. */ diff --git a/src/adapter.h b/src/adapter.h index 60b5e3bcca34..8e8c61b7bdf1 100644 --- a/src/adapter.h +++ b/src/adapter.h @@ -97,6 +97,8 @@ void adapter_service_remove(struct btd_adapter *adapter, uint32_t handle); struct agent *adapter_get_agent(struct btd_adapter *adapter); +bool btd_adapter_uuid_is_allowed(struct btd_adapter *adapter, const char *uuid); + struct btd_adapter *btd_adapter_ref(struct btd_adapter *adapter); void btd_adapter_unref(struct btd_adapter *adapter); @@ -240,3 +242,5 @@ enum kernel_features { }; bool btd_has_kernel_features(uint32_t feature); +void btd_adapter_disconnect_all_devices(struct btd_adapter *adapter); +void btd_adapter_refresh_is_blocked_by_policy(struct btd_adapter *adapter); diff --git a/src/admin_policy.c b/src/admin_policy.c new file mode 100644 index 000000000000..eeae2722cc0a --- /dev/null +++ b/src/admin_policy.c @@ -0,0 +1,240 @@ +// SPDX-License-Identifier: LGPL-2.1-or-later +/* + * + * BlueZ - Bluetooth protocol stack for Linux + * + * Copyright (C) 2021 Google LLC + * + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#define _GNU_SOURCE +#include +#include +#include +#include + +#include +#include +#include + +#include "lib/bluetooth.h" +#include "lib/uuid.h" + +#include "adapter.h" +#include "dbus-common.h" +#include "log.h" +#include "metrics.h" +#include "src/error.h" + +#include "admin_policy.h" +#include "profile.h" + +#define ADMIN_POLICY_INTERFACE "org.bluez.AdminPolicy1" + +struct btd_admin_policy { + struct btd_adapter *adapter; + uint16_t adapter_id; + GHashTable *allowed_uuid_set; /* Set of allowed service uuids*/ +}; + +static GHashTable *uuid_set_create(void) +{ + return g_hash_table_new_full(bt_uuid_hash, bt_uuid_equal, g_free, NULL); +} + +static bool parse_allow_service_list(struct btd_adapter *adapter, + GHashTable **uuids, + DBusMessage *msg) +{ + DBusMessageIter iter, arriter; + + dbus_message_iter_init(msg, &iter); + if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) + return false; + + *uuids = uuid_set_create(); + + if (!*uuids) { + error("Failed to create UUID allowed set"); + return false; + } + + dbus_message_iter_recurse(&iter, &arriter); + do { + const int type = dbus_message_iter_get_arg_type(&arriter); + char *uuid_param; + bt_uuid_t *uuid; + + if (type == DBUS_TYPE_INVALID) + break; + + if (type != DBUS_TYPE_STRING) + goto failed; + + dbus_message_iter_get_basic(&arriter, &uuid_param); + uuid = g_try_malloc(sizeof(*uuid)); + + if (!uuid) + goto failed; + + if (bt_string_to_uuid(uuid, uuid_param)) { + g_free(uuid); + goto failed; + } + + g_hash_table_add(*uuids, uuid); + dbus_message_iter_next(&arriter); + } while (true); + + return true; + +failed: + g_hash_table_destroy(*uuids); + *uuids = NULL; + return false; +} + +GHashTable *btd_admin_policy_allowlist_get( + struct btd_admin_policy *admin_policy) +{ + return admin_policy ? admin_policy->allowed_uuid_set : NULL; +} + +void btd_admin_policy_allowlist_set(struct btd_admin_policy *admin_policy, + GHashTable *uuids) +{ + if (!admin_policy) + return; + + admin_policy->allowed_uuid_set = uuids; + + /* This would add/remove profiles to the adapter according to the new + * policy. + */ + btd_profile_policy_update(admin_policy->adapter); + + /* Update auto-connect status to all devices */ + btd_adapter_refresh_is_blocked_by_policy(admin_policy->adapter); +} + +static DBusMessage *set_service_allowlist(DBusConnection *conn, + DBusMessage *msg, void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + struct btd_adapter *adapter = admin_policy->adapter; + GHashTable *uuid_set; + const char *sender = dbus_message_get_sender(msg); + bool connectable; + + DBG("sender %s", sender); + + /* Parse parameters */ + if (!parse_allow_service_list(adapter, &uuid_set, msg)) { + btd_error(admin_policy->adapter_id, + "Failed on parsing allowed service list"); + return btd_error_invalid_args(msg); + } + + /* Diconnect all the existing connections in case some of them are not + * allowed to use. + */ + btd_adapter_disconnect_all_devices(adapter); + + /* Clear existing allowlist */ + g_hash_table_destroy(admin_policy->allowed_uuid_set); + + btd_admin_policy_allowlist_set(admin_policy, uuid_set); + + return dbus_message_new_method_return(msg); +} + +static const GDBusMethodTable admin_policy_methods[] = { + { GDBUS_EXPERIMENTAL_METHOD("SetServiceAllowList", + GDBUS_ARGS({ "UUIDs", "as" }), + NULL, set_service_allowlist) }, + { } +}; + +bool btd_admin_policy_uuid_is_allowed(struct btd_admin_policy *admin_policy, + const char *uuid_str) +{ + bt_uuid_t uuid; + + if (!admin_policy) + return true; + + if (bt_string_to_uuid(&uuid, uuid_str)) { + DBG("Failed to parse UUID string '%s'", uuid_str); + return false; + } + + return !g_hash_table_size(admin_policy->allowed_uuid_set) || + g_hash_table_contains(admin_policy->allowed_uuid_set, &uuid); +} + +static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) +{ + struct btd_admin_policy *admin_policy; + + admin_policy = g_try_malloc(sizeof(*admin_policy)); + + if (!admin_policy) { + error("Failed to allocate memory for admin_policy"); + return NULL; + } + + admin_policy->adapter = adapter; + admin_policy->adapter_id = btd_adapter_get_index(adapter); + admin_policy->allowed_uuid_set = uuid_set_create(); + + if (!admin_policy->allowed_uuid_set) { + error("Failed to create UUID allowed set"); + g_free(admin_policy); + return NULL; + } + + return admin_policy; +} + +struct btd_admin_policy *btd_admin_policy_create(struct btd_adapter *adapter) +{ + struct btd_admin_policy *admin_policy; + + admin_policy = admin_policy_new(adapter); + if (!admin_policy) + return NULL; + + if (!g_dbus_register_interface(btd_get_dbus_connection(), + adapter_get_path(admin_policy->adapter), + ADMIN_POLICY_INTERFACE, + admin_policy_methods, NULL, NULL, + admin_policy, NULL)) { + btd_error(admin_policy->adapter_id, + "Failed to register " + ADMIN_POLICY_INTERFACE); + g_free(admin_policy); + return NULL; + } + + DBG("register interface success!"); + return admin_policy; +} + +void btd_admin_policy_destroy(struct btd_admin_policy *admin_policy) +{ + if (!admin_policy) + return; + + btd_info(admin_policy->adapter_id, "Destroy Admin Policy"); + + g_dbus_unregister_interface(btd_get_dbus_connection(), + adapter_get_path(admin_policy->adapter), + ADMIN_POLICY_INTERFACE); + g_hash_table_destroy(admin_policy->allowed_uuid_set); + g_free(admin_policy); +} diff --git a/src/admin_policy.h b/src/admin_policy.h new file mode 100644 index 000000000000..5cb97f7ec81e --- /dev/null +++ b/src/admin_policy.h @@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * + * BlueZ - Bluetooth protocol stack for Linux + * + * Copyright (C) 2021 Google LLC + * + * + */ + +#include + +struct btd_adapter; +struct btd_admin_policy; + +struct btd_admin_policy *btd_admin_policy_create(struct btd_adapter *adapter); +void btd_admin_policy_destroy(struct btd_admin_policy *admin_policy); +GHashTable *btd_admin_policy_allowlist_get( + struct btd_admin_policy *admin_policy); +void btd_admin_policy_allowlist_set(struct btd_admin_policy *admin_policy, + GHashTable *uuids); +bool btd_admin_policy_uuid_is_allowed(struct btd_admin_policy *admin_policy, + const char *uuid_str); diff --git a/src/device.c b/src/device.c index 7a6f7643afec..2192346d5f8d 100644 --- a/src/device.c +++ b/src/device.c @@ -1929,16 +1929,51 @@ static int service_prio_cmp(gconstpointer a, gconstpointer b) return p2->priority - p1->priority; } +void btd_device_update_is_blocked_by_policy(struct btd_device *dev) +{ + struct btd_adapter *adapter = dev->adapter; + struct btd_service *service; + struct btd_profile *profile; + GSList *l; + bool auto_connect = false; + + /* If service discover is ongoing, let the service discover complete + * callback call this function. + */ + if (dev->browse) + return; + + for (l = dev->services; l != NULL; l = g_slist_next(l)) { + service = l->data; + profile = btd_service_get_profile(service); + + if (!profile->auto_connect) + continue; + + if (profile->accept && + !btd_service_is_blocked_by_policy(service)) + auto_connect = true; + } + + if (!dev->disable_auto_connect) + device_set_auto_connect(dev, auto_connect); +} + static GSList *create_pending_list(struct btd_device *dev, const char *uuid) { struct btd_service *service; struct btd_profile *p; GSList *l; + bool is_blocked; if (uuid) { service = find_connectable_service(dev, uuid); - if (service) + is_blocked = !btd_adapter_uuid_is_allowed(dev->adapter, uuid); + + if (service && !is_blocked) return g_slist_prepend(dev->pending, service); + else if (is_blocked) + info("service %s is blocked by policy", uuid); return dev->pending; } @@ -1946,10 +1981,17 @@ static GSList *create_pending_list(struct btd_device *dev, const char *uuid) for (l = dev->services; l != NULL; l = g_slist_next(l)) { service = l->data; p = btd_service_get_profile(service); + is_blocked = !btd_adapter_uuid_is_allowed(dev->adapter, + p->remote_uuid); if (!p->auto_connect) continue; + if (is_blocked) { + info("service %s is blocked by policy", p->remote_uuid); + continue; + } + if (g_slist_find(dev->pending, service)) continue; @@ -2633,6 +2675,8 @@ static void device_svc_resolved(struct btd_device *dev, uint8_t browse_type, dev->svc_callbacks); g_free(cb); } + + btd_device_update_is_blocked_by_policy(dev); } static struct bonding_req *bonding_request_new(DBusMessage *msg, @@ -4627,9 +4671,10 @@ static struct btd_service *probe_service(struct btd_device *device, } /* Only set auto connect if profile has set the flag and can really - * accept connections. + * accept connections and is not blocked by policy. */ - if (profile->auto_connect && profile->accept) + if (profile->auto_connect && profile->accept && + !btd_service_is_blocked_by_policy(service)) device_set_auto_connect(device, TRUE); return service; diff --git a/src/device.h b/src/device.h index 4ae9abe0dbb4..3ca4f2c56566 100644 --- a/src/device.h +++ b/src/device.h @@ -175,5 +175,6 @@ uint32_t btd_device_get_current_flags(struct btd_device *dev); void btd_device_flags_changed(struct btd_device *dev, uint32_t supported_flags, uint32_t current_flags); +void btd_device_update_is_blocked_by_policy(struct btd_device *dev); void btd_device_init(void); void btd_device_cleanup(void); diff --git a/src/profile.c b/src/profile.c index 5e460b639c19..ae21a079a4e3 100644 --- a/src/profile.c +++ b/src/profile.c @@ -2559,6 +2559,45 @@ bool btd_profile_remove_custom_prop(const char *uuid, const char *name) return false; } +static void update_profile_policy(struct btd_profile *p, + struct btd_adapter *adapter) +{ + bool is_blocked; + + is_blocked = !btd_adapter_uuid_is_allowed(adapter, p->remote_uuid); + + if (!is_blocked && p->is_blocked_by_policy) { + p->is_blocked_by_policy = false; + adapter_add_profile(adapter, p); + + info("service %s is allowed by policy", p->remote_uuid); + + } else if (is_blocked && !p->is_blocked_by_policy) { + p->is_blocked_by_policy = true; + adapter_remove_profile(adapter, p); + + info("service %s is blocked by policy", p->remote_uuid); + } +} + +void btd_profile_policy_update(struct btd_adapter *adapter) +{ + GSList *l; + + for (l = profiles; l; l = l->next) { + struct btd_profile *p = l->data; + + update_profile_policy(p, adapter); + } + + for (l = ext_profiles; l; l = l->next) { + struct ext_profile *ext_p = l->data; + struct btd_profile *p = &ext_p->p; + + update_profile_policy(p, adapter); + } +} + void btd_profile_init(void) { g_dbus_register_interface(btd_get_dbus_connection(), diff --git a/src/profile.h b/src/profile.h index 6827f848148c..ddd4c94ec943 100644 --- a/src/profile.h +++ b/src/profile.h @@ -28,6 +28,8 @@ struct btd_profile { */ bool external; + bool is_blocked_by_policy; + int (*device_probe) (struct btd_service *service); void (*device_remove) (struct btd_service *service); @@ -40,6 +42,8 @@ struct btd_profile { struct btd_adapter *adapter); void (*adapter_remove) (struct btd_profile *p, struct btd_adapter *adapter); + + bool (*mandatory_services_are_allowed)(struct btd_service *service); }; void btd_profile_foreach(void (*func)(struct btd_profile *p, void *data), @@ -63,6 +67,7 @@ bool btd_profile_add_custom_prop(const char *uuid, const char *type, btd_profile_prop_get get, void *user_data); bool btd_profile_remove_custom_prop(const char *uuid, const char *name); +void btd_profile_policy_update(struct btd_adapter *adapter); void btd_profile_init(void); void btd_profile_cleanup(void); diff --git a/src/service.c b/src/service.c index 21a52762e637..75e71549ae41 100644 --- a/src/service.c +++ b/src/service.c @@ -166,6 +166,20 @@ void service_remove(struct btd_service *service) btd_service_unref(service); } +bool btd_service_is_blocked_by_policy(struct btd_service *service) +{ + struct btd_adapter *adapter; + + if (!service->profile->mandatory_services_are_allowed) { + adapter = device_get_adapter(service->device); + + return !btd_adapter_uuid_is_allowed(adapter, + service->profile->remote_uuid); + } + + return !service->profile->mandatory_services_are_allowed(service); +} + int service_accept(struct btd_service *service) { char addr[18]; @@ -186,6 +200,13 @@ int service_accept(struct btd_service *service) if (!service->profile->accept) return -ENOSYS; + if (btd_service_is_blocked_by_policy(service)) { + info("service %s is blocked by policy", + service->profile->remote_uuid); + + return -ECONNABORTED; + } + err = service->profile->accept(service); if (!err) goto done; diff --git a/src/service.h b/src/service.h index 88530cc17d53..e2960164fb17 100644 --- a/src/service.h +++ b/src/service.h @@ -35,6 +35,7 @@ struct btd_service *service_create(struct btd_device *device, int service_probe(struct btd_service *service); void service_remove(struct btd_service *service); +bool btd_service_is_blocked_by_policy(struct btd_service *service); int service_accept(struct btd_service *service); int service_set_connecting(struct btd_service *service); From patchwork Thu Apr 1 10:24:43 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12177771 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68E03C4361A for ; Thu, 1 Apr 2021 10:28:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 49C8761106 for ; Thu, 1 Apr 2021 10:28:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234080AbhDAK2M (ORCPT ); Thu, 1 Apr 2021 06:28:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234071AbhDAK1u (ORCPT ); Thu, 1 Apr 2021 06:27:50 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5572DC061797 for ; Thu, 1 Apr 2021 03:25:32 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id l83so5282722ybf.22 for ; Thu, 01 Apr 2021 03:25:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=7Ua0WliPqrqCi5wQ2LPIjibksmzA56fcFfO1yAgxvpY=; b=Ls3jgrkiwN1iVOtLfboEMAF91oH9HdiyjI2dkZQd1KftC69D1+xE8PvUpgW8I0TLrl rERuQOqY7oy6xIDTk8/vGtrCpDbyfkvN8wdiZXzS2g8DbfT9B/hs3YLj1po/XUJyNbTR /M179qZlCa5tQ7hNOidB2WCYVa65Nwjz2b1H36hJM80/43UHrqBLQRS9GypM50VqCYOE WTmb78r6bt6TR2aJLlhYpofXnuRP3//yhFy52HGbfe9/s9vXQxGq20tyU5hMG/lUJoUY m1t1R/wcvEwTRJ/Brxld/mukI7VZWTjuLFJOPNNCkM/9kOMgherFALZK1uTeRUCrinwX fpEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=7Ua0WliPqrqCi5wQ2LPIjibksmzA56fcFfO1yAgxvpY=; b=H+8A++K7/ZiHviQ4xU4S1uuFIg5bRG+FpmPkuQUCzPguoWqGd4AmYawYfl0aZfCv9V FiEnU4zKrDblVvWJyLk7EVREVNZVhqNjjCEWmdmYvyumwK2qwtdwTL3pbfnJZ31ulS3V koDTRZ++nO55bA9mQllrLFWtXavPhCwoXG+etKncXc/6qiPcR/RXc6/I8+PlZi/BooIP 8hnYZeL5VuzoDHdJA5EfrvMnAxQjYUrW7x12zft59mQE+ldlpDA6ZwLOE75rxTOibCnE e02xF3LBiY6L09hwhJUIoBKYzwSiy/5LXvVtjkUS3/YEft20EHm6OORfFfwu0L8LP0xT +K4A== X-Gm-Message-State: AOAM533aR9JkEsafmuiyJw87FtGFI5W7YFDg3yVwcHuthBPyTc2CLD+N Z1k3ApbDjDQ9359V6mK33IZ2N84tGjmzocodak6BCaYTJXTy2vpZ0nSvVvU5HiCXPS+ARhtJePT 9Q/hh0T7zA8Mvsto0x59HaRXOevEghZpyKkZJaV1H4CyvNwx1A4c1HFfZBaeA22YHwEOI5g4Zk7 ShYMOd19C6loU= X-Google-Smtp-Source: ABdhPJxlzfqgQoVOBQGvZodCQokQfmfPu6awgfesmE8yyGdu3witjlRL4evEuvOQEZIhxVVQJTuEtwn0QoVnDvmplQ== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ad88:abe:9fd5:a5fc]) (user=howardchung job=sendgmr) by 2002:a25:6a83:: with SMTP id f125mr10235299ybc.120.1617272731442; Thu, 01 Apr 2021 03:25:31 -0700 (PDT) Date: Thu, 1 Apr 2021 18:24:43 +0800 In-Reply-To: <20210401102447.3958224-1-howardchung@google.com> Message-Id: <20210401182328.Bluez.4.I6981df13b7eda6fd9e0a46f11211565a3826ec95@changeid> Mime-Version: 1.0 References: <20210401102447.3958224-1-howardchung@google.com> X-Mailer: git-send-email 2.31.0.291.g576ba9dcdaf-goog Subject: [Bluez PATCH 4/8] input/hog: block connection by policy From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Howard Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org This blocks HoG connection if ServiceAllowList is set and some of the mandatory services are not in the allowlist. Reviewed-by: Miao-chen Chou --- profiles/input/hog.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/profiles/input/hog.c b/profiles/input/hog.c index d50b823213b5..af4f73daf2b1 100644 --- a/profiles/input/hog.c +++ b/profiles/input/hog.c @@ -168,6 +168,27 @@ static void hog_remove(struct btd_service *service) hog_device_free(dev); } +static bool mandatory_services_are_allowed(struct btd_service *service) +{ + static const char * const mandatory_uuids[] = {DEVICE_INFORMATION_UUID, + BATTERY_UUID, HOG_UUID, NULL}; + struct btd_device *device = btd_service_get_device(service); + struct btd_adapter *adapter = device_get_adapter(device); + struct btd_profile *p = btd_service_get_profile(service); + + int i; + + for (i = 0; mandatory_uuids[i] != NULL; i++) { + if (!btd_adapter_uuid_is_allowed(adapter, mandatory_uuids[i])) { + DBG("mandatory service %s is blocked by policy", + mandatory_uuids[i]); + return false; + } + } + + return true; +} + static int hog_accept(struct btd_service *service) { struct hog_device *dev = btd_service_get_user_data(service); @@ -221,6 +242,7 @@ static struct btd_profile hog_profile = { .accept = hog_accept, .disconnect = hog_disconnect, .auto_connect = true, + .mandatory_services_are_allowed = mandatory_services_are_allowed, }; static int hog_init(void) From patchwork Thu Apr 1 10:24:44 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12177781 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35F5AC43461 for ; Thu, 1 Apr 2021 10:29:09 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F1C61606A5 for ; Thu, 1 Apr 2021 10:29:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234368AbhDAK2h (ORCPT ); Thu, 1 Apr 2021 06:28:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50922 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234262AbhDAK1w (ORCPT ); Thu, 1 Apr 2021 06:27:52 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8F7BC0617A7 for ; Thu, 1 Apr 2021 03:25:35 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id f75so5262086yba.8 for ; Thu, 01 Apr 2021 03:25:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=pjLc0GCGeoKt3WMjr9IqnkfrKbYNQrPENY0f+UGyKOs=; b=Ix55Ab0zKrENL+X7zErw7gE48EA2Za9+KC2GHXX3LqekqNR3acb3oZePJurhc/mjNk 68UNoPIt3rSQFq5AbZIT8IGdFIHXm854TBVyidZELm/HrAOlV1jEvROwa9XsrAbuk8GR A3XR/e/lZguQBdfTrrMfxxDcRuXWIwU3fYEsNknu/8noHc5uDRYZBzhYnwPeXeOwms9i kXBTF+9vizLRnvWaYwkHbXiQHcfsG/55KqE+G8GAUxNV+tILzIqbpJVfbodI3RpoTHav LxSQldY58ADU3qia6OyLZ2+FlZXdtTF34dtTs1ftvAgYm5UL0S3un7H73rgl+/gyOLXp u+GQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=pjLc0GCGeoKt3WMjr9IqnkfrKbYNQrPENY0f+UGyKOs=; b=aqN3v6anLrvITmAbjc1d1DzUQF/M/YcTZfMr4L5nuAIktYMdA4EcZaj4MUYOEvxBgk 15CkkM40JUHfu9avC8wRHAU0odxf4IdLEg+RbPfppLOa3vGGpONyF9OSkKssoE+FcRgu ZA/tXx244rBCWKTih096k02NJ8hOAppyhp/c8Ildh6rEVYTcxqdLIxWx8oOBQ1qOuxj4 mW6TjMFlAS8nEDegoj1S+B0bs6jtNTCNmRiL/SpoBhRBqTEI2EvqRywwsN9wwu+BJJ27 2FnlfSgDkj+jYLG6y6+NNn0sf82lc02d/ACoU7mEwZVZmon+CQTBCHhVwGbJaVQVU/ZQ yG2A== X-Gm-Message-State: AOAM5335EHV+nG7n7BbqsjW6Ac1hwHPRu8cpL7UF2keFfMS2v8Iyzu1j AjdjiZiJ98LX3fY3GInezzVZ3RMbKj8hUy8EKxZZ4jFj9UC/bn8SeOvv4T3OFV/PZoLtAEl2TPC VUhqNsYrnlztprnX+5s+QMKUE6b7ULZRApGqByaaMTw5KLaV/k9Cx9BmTsp937cDBnFcBRAd/gg RvfVbeYLAWU9w= X-Google-Smtp-Source: ABdhPJzbCjkeGeJiJN7Ji4I7RFmD046LopJXicTfSSBqwjLOb3vgD3tUfoE0g6891FnPeHmEi7zOFZZmMC0Pw2jLwQ== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ad88:abe:9fd5:a5fc]) (user=howardchung job=sendgmr) by 2002:a25:cf90:: with SMTP id f138mr10630786ybg.421.1617272735031; Thu, 01 Apr 2021 03:25:35 -0700 (PDT) Date: Thu, 1 Apr 2021 18:24:44 +0800 In-Reply-To: <20210401102447.3958224-1-howardchung@google.com> Message-Id: <20210401182328.Bluez.5.Ie6faf8aa794d1df17758bd5bd693d13fed68e85d@changeid> Mime-Version: 1.0 References: <20210401102447.3958224-1-howardchung@google.com> X-Mailer: git-send-email 2.31.0.291.g576ba9dcdaf-goog Subject: [Bluez PATCH 5/8] audio: Remove Media1 interface when a2dp source disallowed From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Howard Chung , Miao-chen Chou , Sonny Sasaka Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org When A2DP source profile is not allowed by policy, we remove the a2dp_server and everything inside the object, which also release all MediaEndpoints and MediaPlayer. When admin re-allowed A2DP source profile, although we recreate the a2dp_server, clients are not able to know they can register their endpoint and player now. This patch handle this case by unregistering Media1 interface when we remove a2dp_server, and register it back when a2dp_source is allowed. Reviewed-by: Miao-chen Chou Reviewed-by: Sonny Sasaka --- profiles/audio/a2dp.c | 2 ++ profiles/audio/avrcp.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c index d31ed845cbe7..26d4f365207e 100644 --- a/profiles/audio/a2dp.c +++ b/profiles/audio/a2dp.c @@ -3275,6 +3275,7 @@ static int a2dp_source_server_probe(struct btd_profile *p, { struct a2dp_server *server; + media_register(adapter); DBG("path %s", adapter_get_path(adapter)); server = find_server(servers, adapter); @@ -3315,6 +3316,7 @@ static void a2dp_source_server_remove(struct btd_profile *p, return; a2dp_server_unregister(server); + media_unregister(adapter); } static int a2dp_sink_server_probe(struct btd_profile *p, diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c index 05dd791ded7c..c25495f19492 100644 --- a/profiles/audio/avrcp.c +++ b/profiles/audio/avrcp.c @@ -4735,6 +4735,8 @@ static void avrcp_controller_server_remove(struct btd_profile *p, if (server->tg_record_id == 0) avrcp_server_unregister(server); + + media_unregister(adapter); } static int avrcp_controller_server_probe(struct btd_profile *p, @@ -4745,6 +4747,7 @@ static int avrcp_controller_server_probe(struct btd_profile *p, DBG("path %s", adapter_get_path(adapter)); + media_register(adapter); server = find_server(servers, adapter); if (server != NULL) goto done; From patchwork Thu Apr 1 10:24:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12177777 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 099A4C4363E for ; Thu, 1 Apr 2021 10:28:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D245C6112D for ; Thu, 1 Apr 2021 10:28:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234387AbhDAK2O (ORCPT ); Thu, 1 Apr 2021 06:28:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50924 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234263AbhDAK1w (ORCPT ); Thu, 1 Apr 2021 06:27:52 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EEA9BC0617A9 for ; Thu, 1 Apr 2021 03:25:39 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id x22so5296593ybi.1 for ; Thu, 01 Apr 2021 03:25:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=mBZDJ27quEoeuB7sdi/xI42HBNcqavoUI6lrFoCV90Q=; b=Xvok7x2NhSSQTfsM2UnSi/UjtUYW/0ij5xxEr4DFJBFuEcb6UU07K8dJaR36XMKq0O rBPirhib3kN9mhFlHTHF9lf7ydK+8fHXRNZO4ko5EjLfatSZwrqIkwRHKE3AV+84GdmJ M2W6rQ1GJwyIscic8J+K7EUgUEax+ORCIAD+hgzxsFv1FTx0wAce3K5RHl47P+UMQ0Oe O5dojP8GnvAJAPKyCLjeWWTSN98AbggaUuVNzupKTQJ/HthCNAq8KiaH+txYdt1ARBwo QiwyzYpgrj7j+Mq747QXG7t1XkNB1WL/kIMkwLDQRtfG7rfJTdVmj23/yUMEqyEoNPqB Lmtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=mBZDJ27quEoeuB7sdi/xI42HBNcqavoUI6lrFoCV90Q=; b=IQ/Zm7JWyYBL+bdHCdC3PbN7jIo01D5bgK3reXtqH2F+AIdz+Ji2rAjSe0I21XBfFW 6uvOtdNlmkIdyvfQnoJXViXGeo28haKFS3Ytv4jzISYm9wHefHrZ4jGsl+LrvWOqkeFz hlScfDZmImXaFFH9KFe0TaxzoF10FfZrD2wZfk+NiMtOE8ycWsNZ95+FPfIgDKcFEKjh 50mVEpj5Hf0Ams7BUyEO73SQ+jPiZYK1jsoqxh5xMHC8oZ5S5nyKECgsYO561vVBkTor 3VMSNDdNmv/C6ZT605k1nF8db9ElK7VtpxRo9ePx5t923ZvV84WfbjypDI6ia1g2wWWR GFrg== X-Gm-Message-State: AOAM533YW0NnmqA1W/GjbtuDNjsXyiy+h/DtLdxn4W3Tx3Wy0HLB/z88 HaUD90xxuBQtTp25RGvIYBUZxBHaYjSRXb34s50Toonn45spFqtYHwW2zdKzq03aeAcxaYNM2Mn c3WFWfA5G+uoqEMWEfTA9z4vHf95TopEUi4vOfk/PoK1i5BfcdD1cwVe0ZGVUGEthb0mNNi88M0 puAYBGmMTqbY4= X-Google-Smtp-Source: ABdhPJxfROASGnlhutlwbs4+mjPH8PscHzx6A2UE4skzvq3vbLBsC4FKkvDH6hFfG6QHA+51p+tc/FC7glw4o4S7+g== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ad88:abe:9fd5:a5fc]) (user=howardchung job=sendgmr) by 2002:a5b:448:: with SMTP id s8mr10084433ybp.363.1617272739152; Thu, 01 Apr 2021 03:25:39 -0700 (PDT) Date: Thu, 1 Apr 2021 18:24:45 +0800 In-Reply-To: <20210401102447.3958224-1-howardchung@google.com> Message-Id: <20210401182328.Bluez.6.I85fe2263b7747372e2c01bd8dc73271dd24ad6cf@changeid> Mime-Version: 1.0 References: <20210401102447.3958224-1-howardchung@google.com> X-Mailer: git-send-email 2.31.0.291.g576ba9dcdaf-goog Subject: [Bluez PATCH 6/8] core: add properties IsBlockedByPolicy and ServiceAllowList From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Howard Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org This adds IsBlockedByPolicy to indicate if the remote device is currently blocked by policy. ServiceAllowlist is also introduced to indicate the current service allowlist. Reviewed-by: Miao-chen Chou --- src/admin_policy.c | 57 +++++++++++++++++++++++++++++++++++++++++++--- src/device.c | 32 ++++++++++++++++++++++++-- src/device.h | 1 + 3 files changed, 85 insertions(+), 5 deletions(-) diff --git a/src/admin_policy.c b/src/admin_policy.c index eeae2722cc0a..6498dcf05319 100644 --- a/src/admin_policy.c +++ b/src/admin_policy.c @@ -118,8 +118,13 @@ void btd_admin_policy_allowlist_set(struct btd_admin_policy *admin_policy, */ btd_profile_policy_update(admin_policy->adapter); - /* Update auto-connect status to all devices */ + /* Update auto-connect and IsBlockedByPolicy status to all devices */ btd_adapter_refresh_is_blocked_by_policy(admin_policy->adapter); + + g_dbus_emit_property_changed(btd_get_dbus_connection(), + adapter_get_path(admin_policy->adapter), + ADMIN_POLICY_INTERFACE, + "ServiceAllowList"); } static DBusMessage *set_service_allowlist(DBusConnection *conn, @@ -201,6 +206,51 @@ static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) return admin_policy; } +static void append_uuid_set(gpointer key, gpointer value, gpointer user_data) +{ + const bt_uuid_t *uuid = key; + DBusMessageIter *entry = user_data; + char uuid_str[MAX_LEN_UUID_STR]; + const char *uuid_str_ptr = uuid_str; + + bt_uuid_to_string(uuid, uuid_str, MAX_LEN_UUID_STR); + dbus_message_iter_append_basic(entry, DBUS_TYPE_STRING, &uuid_str_ptr); +} + +static gboolean +property_get_service_allowlist(const GDBusPropertyTable *property, + DBusMessageIter *iter, void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + DBusMessageIter entry; + + dbus_message_iter_open_container(iter, DBUS_TYPE_ARRAY, + DBUS_TYPE_STRING_AS_STRING, &entry); + + g_hash_table_foreach(admin_policy->allowed_uuid_set, append_uuid_set, + &entry); + + dbus_message_iter_close_container(iter, &entry); + + return TRUE; +} + +static gboolean +property_exists_service_allowlist(const GDBusPropertyTable *property, + void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + + return admin_policy->allowed_uuid_set != NULL ? TRUE : FALSE; +} + +static const GDBusPropertyTable admin_policy_properties[] = { + {"ServiceAllowList", "as", property_get_service_allowlist, NULL, + property_exists_service_allowlist, + G_DBUS_PROPERTY_FLAG_EXPERIMENTAL}, + { } +}; + struct btd_admin_policy *btd_admin_policy_create(struct btd_adapter *adapter) { struct btd_admin_policy *admin_policy; @@ -212,8 +262,9 @@ struct btd_admin_policy *btd_admin_policy_create(struct btd_adapter *adapter) if (!g_dbus_register_interface(btd_get_dbus_connection(), adapter_get_path(admin_policy->adapter), ADMIN_POLICY_INTERFACE, - admin_policy_methods, NULL, NULL, - admin_policy, NULL)) { + admin_policy_methods, NULL, + admin_policy_properties, admin_policy, + NULL)) { btd_error(admin_policy->adapter_id, "Failed to register " ADMIN_POLICY_INTERFACE); diff --git a/src/device.c b/src/device.c index 2192346d5f8d..aa54f00441c1 100644 --- a/src/device.c +++ b/src/device.c @@ -265,6 +265,7 @@ struct btd_device { gboolean auto_connect; gboolean disable_auto_connect; gboolean general_connect; + gboolean is_blocked_by_policy; bool legacy; int8_t rssi; @@ -1470,6 +1471,18 @@ static gboolean dev_property_wake_allowed_exist( return device_get_wake_support(device); } +static gboolean +dev_property_get_is_blocked_by_policy(const GDBusPropertyTable *property, + DBusMessageIter *iter, void *data) +{ + struct btd_device *device = data; + dbus_bool_t is_blocked = device->is_blocked_by_policy; + + dbus_message_iter_append_basic(iter, DBUS_TYPE_BOOLEAN, &is_blocked); + + return TRUE; +} + static bool disconnect_all(gpointer user_data) { struct btd_device *device = user_data; @@ -1929,6 +1942,16 @@ static int service_prio_cmp(gconstpointer a, gconstpointer b) return p2->priority - p1->priority; } +static void refresh_is_blocked_by_policy(struct btd_device *dev, bool value) +{ + if (value == dev->is_blocked_by_policy) + return; + + dev->is_blocked_by_policy = value; + g_dbus_emit_property_changed(dbus_conn, dev->path, + DEVICE_INTERFACE, "IsBlockedByPolicy"); +} + void btd_device_update_is_blocked_by_policy(struct btd_device *dev) { struct btd_adapter *adapter = dev->adapter; @@ -1936,6 +1959,7 @@ void btd_device_update_is_blocked_by_policy(struct btd_device *dev) struct btd_profile *profile; GSList *l; bool auto_connect = false; + bool is_blocked = false; /* If service discover is ongoing, let the service discover complete * callback call this function. @@ -1950,13 +1974,16 @@ void btd_device_update_is_blocked_by_policy(struct btd_device *dev) if (!profile->auto_connect) continue; - if (profile->accept && - !btd_service_is_blocked_by_policy(service)) + if (btd_service_is_blocked_by_policy(service)) + is_blocked = true; + else if (profile->accept) auto_connect = true; } if (!dev->disable_auto_connect) device_set_auto_connect(dev, auto_connect); + + refresh_is_blocked_by_policy(dev, is_blocked); } static GSList *create_pending_list(struct btd_device *dev, const char *uuid) @@ -2994,6 +3021,7 @@ static const GDBusPropertyTable device_properties[] = { { "WakeAllowed", "b", dev_property_get_wake_allowed, dev_property_set_wake_allowed, dev_property_wake_allowed_exist }, + { "IsBlockedByPolicy", "b", dev_property_get_is_blocked_by_policy}, { } }; diff --git a/src/device.h b/src/device.h index 3ca4f2c56566..a24ae088b68e 100644 --- a/src/device.h +++ b/src/device.h @@ -74,6 +74,7 @@ void device_set_service_data(struct btd_device *dev, GSList *list, bool duplicate); void device_set_data(struct btd_device *dev, GSList *list, bool duplicate); +void btd_device_update_is_blocked_by_policy(struct btd_device *dev); void device_probe_profile(gpointer a, gpointer b); void device_remove_profile(gpointer a, gpointer b); struct btd_adapter *device_get_adapter(struct btd_device *device); From patchwork Thu Apr 1 10:24:46 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12177779 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F2A8C4363F for ; Thu, 1 Apr 2021 10:28:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EE4796112E for ; Thu, 1 Apr 2021 10:28:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234374AbhDAK2N (ORCPT ); Thu, 1 Apr 2021 06:28:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234265AbhDAK1w (ORCPT ); Thu, 1 Apr 2021 06:27:52 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD008C0617AA for ; Thu, 1 Apr 2021 03:25:43 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id a19so5341983ybg.10 for ; Thu, 01 Apr 2021 03:25:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=MPWDjceOUyjW0spnVMJog1vfUjDskyKLBQb3CHEa5t0=; b=gITtlrMrA2el07ystbUzk4K1pWBWrOrgqh5OK1TaQ55PRHtdx0cJcEErk5uAtL7nLZ 85GLCrJOUYglIPNZLKX6rVTJiFR8OvJZ1jTpYCAe6uSiNu62zu94pcRF1KXlVidHCa/P 7hV1dAOcF8Kted63aNwyPsEAUZx/EAnitc3WUpMqyL1UUfJ4bIfSx2Amk139z5dm+Yrx qJvVMBkJVQeN0QEImjytsc8sOQvX3HTtZbxEisu225u95o1Jtv3/rI4odNi8gOMxl/Zg hSoYQfroEgrRszI/Wc2HROPlS9GUdItpf6Q41VqnGQyGILbbxsBbMBMj3sL6VDv3ANmQ A0Qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=MPWDjceOUyjW0spnVMJog1vfUjDskyKLBQb3CHEa5t0=; b=QGB0cn2ovKPPiisFfaqgKzASw0/zu+clhrx45/4d2ZevAD/j06/qiKDn2Ct8uosORZ qwgbbAopimQu2khbj0WaiklH46hy3xZcjIY4VwxJW+3IhDW8psJPLX5EoKoZvR6R+/zU JHdgy6Zi7oQzqE7c4dIwrfPGbYGu+PJRiV4MZK5vcyFHwhZbxje+k6e+LyqamO4xty0R An+v6xjufiqAWPSlvIN4Ri/DoyMXfndWPS5X8lZCiT2cwetVigOqddM3GSu7j14ZDeut GWLz3HaGJBgPVwBa3BqxMIQfPKKSqBtCiTlRvdgp9lS/hqJOvzN3II5xvaoMU19R4wyN bBHw== X-Gm-Message-State: AOAM530KMpQyWFUfYEAt7Rt0JvH9j8MZpt1cZ5jQ4vF6JuFYjyExZVXT qUzluAZBIiZCDZgL/FOqEXZq3csgdd62rDURzaz66GVuBsZjBqJSHrfCI+sOxi0oX9GtbfqXMaM DWiAl9808YreDJyWgATuTUNqIbjYgkvQp9Q/dFwO30GsgOzIWaBUT5h+rqZFVbxPymjL2vEcMXt eR0XEj/PZFj4M= X-Google-Smtp-Source: ABdhPJyrNHtKm0+TxOeS3eZkgVMrtcEZMlDSPp1gvwPcJeSrAEy6AyOKV1uIOHpA76dz5qoVKgH7SL/I1suU1Skz6Q== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ad88:abe:9fd5:a5fc]) (user=howardchung job=sendgmr) by 2002:a25:7bc2:: with SMTP id w185mr10907054ybc.255.1617272742942; Thu, 01 Apr 2021 03:25:42 -0700 (PDT) Date: Thu, 1 Apr 2021 18:24:46 +0800 In-Reply-To: <20210401102447.3958224-1-howardchung@google.com> Message-Id: <20210401182328.Bluez.7.Ie9fee4e1b2bf0a661af4a4834cd73bf8438ca755@changeid> Mime-Version: 1.0 References: <20210401102447.3958224-1-howardchung@google.com> X-Mailer: git-send-email 2.31.0.291.g576ba9dcdaf-goog Subject: [Bluez PATCH 7/8] core: store ServiceAllowList into settings From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Howard Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org This implements the logics of storing ServiceAllowList when the value changed and restoring ServiceAllowList when adapter initialized. The stored information would look like: ServiceAllowList=$UUID128_STRING1;$UUID128_STRING2...... Reviewed-by: Miao-chen Chou --- src/adapter.c | 103 +++++++++++++++++++++++++++++++++++++++++++++ src/adapter.h | 1 + src/admin_policy.c | 1 + 3 files changed, 105 insertions(+) diff --git a/src/adapter.c b/src/adapter.c index 5531ed0e2246..f03eda2abc17 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -473,13 +473,19 @@ uint8_t btd_adapter_get_address_type(struct btd_adapter *adapter) return adapter->bdaddr_type; } +static char **create_uuid_string_allowlist(GHashTable *allowed_uuid_set, + guint *num_of_uuid); static void store_adapter_info(struct btd_adapter *adapter) { GKeyFile *key_file; + GHashTable *allowed_uuid_set; char filename[PATH_MAX]; char *str; gsize length = 0; gboolean discoverable; + char **uuid_str_arr; + guint num_of_uuid = 0; + int i; key_file = g_key_file_new(); @@ -508,15 +514,36 @@ static void store_adapter_info(struct btd_adapter *adapter) snprintf(filename, PATH_MAX, STORAGEDIR "/%s/settings", btd_adapter_get_storage_dir(adapter)); + if (adapter->admin_policy) { + allowed_uuid_set = btd_admin_policy_allowlist_get( + adapter->admin_policy); + uuid_str_arr = create_uuid_string_allowlist(allowed_uuid_set, + &num_of_uuid); + g_key_file_set_string_list(key_file, "Policy", + "ServiceAllowList", + (const char *const*)uuid_str_arr, num_of_uuid); + } create_file(filename, 0600); + str = g_key_file_to_data(key_file, &length, NULL); g_file_set_contents(filename, str, length, NULL); g_free(str); + for (i = 0; i < num_of_uuid; i++) + g_free(uuid_str_arr[i]); + + g_free(uuid_str_arr); + g_key_file_free(key_file); } +void btd_adapter_store_adapter_info(struct btd_adapter *adapter) +{ + if (adapter) + store_adapter_info(adapter); +} + static void trigger_pairable_timeout(struct btd_adapter *adapter); static void adapter_start(struct btd_adapter *adapter); static void adapter_stop(struct btd_adapter *adapter); @@ -3509,6 +3536,32 @@ void btd_adapter_refresh_is_blocked_by_policy(struct btd_adapter *adapter) NULL); } +static char **create_uuid_string_allowlist(GHashTable *allowed_uuid_set, + guint *num_of_uuid) +{ + int i; + gpointer *uuids; + char **uuid_str_allowlist; + bt_uuid_t *uuid; + + uuids = g_hash_table_get_keys_as_array(allowed_uuid_set, num_of_uuid); + uuid_str_allowlist = g_try_malloc_n(*num_of_uuid, sizeof(char *)); + + if (!uuid_str_allowlist && !num_of_uuid) { + error("Failed to allocate memory for uuid_str_allowlist"); + return NULL; + } + + for (i = 0; i < *num_of_uuid; i++) { + uuid = uuids[i]; + uuid_str_allowlist[i] = g_try_malloc(MAX_LEN_UUID_STR); + bt_uuid_to_string(uuid, uuid_str_allowlist[i], + MAX_LEN_UUID_STR); + } + + return uuid_str_allowlist; +} + static const GDBusMethodTable adapter_methods[] = { { GDBUS_ASYNC_METHOD("StartDiscovery", NULL, NULL, start_discovery) }, { GDBUS_METHOD("SetDiscoveryFilter", @@ -6265,12 +6318,42 @@ static void fix_storage(struct btd_adapter *adapter) textfile_del(filename, "converted"); } +static GHashTable *uuid_list_to_uuid_set(gchar **uuids, gsize num_of_uuid) +{ + int i; + bt_uuid_t *uuid; + GHashTable *uuid_set = g_hash_table_new_full(bt_uuid_hash, + bt_uuid_equal, g_free, NULL); + + if (!uuid_set) + return NULL; + + for (i = 0; i < num_of_uuid; i++) { + uuid = g_try_malloc(sizeof(*uuid)); + + if (!uuid || bt_string_to_uuid(uuid, *uuids)) + goto failed; + + g_hash_table_add(uuid_set, uuid); + uuids++; + } + + return uuid_set; + +failed: + g_hash_table_destroy(uuid_set); + return NULL; +} + static void load_config(struct btd_adapter *adapter) { GKeyFile *key_file; char filename[PATH_MAX]; struct stat st; + GHashTable *uuid_set; GError *gerr = NULL; + gchar **uuids = NULL; + gsize num_of_uuid; key_file = g_key_file_new(); @@ -6320,6 +6403,23 @@ static void load_config(struct btd_adapter *adapter) gerr = NULL; } + if (adapter->admin_policy) { + uuids = g_key_file_get_string_list(key_file, "Policy", + "ServiceAllowList", &num_of_uuid, &gerr); + + if (gerr) { + uuids = NULL; + num_of_uuid = 0; + g_error_free(gerr); + gerr = NULL; + } + + uuid_set = uuid_list_to_uuid_set(uuids, num_of_uuid); + if (uuid_set) + btd_admin_policy_allowlist_set(adapter->admin_policy, + uuid_set); + } + g_key_file_free(key_file); } @@ -8761,6 +8861,9 @@ load: load_defaults(adapter); load_devices(adapter); + /* Update IsBlockedByPolicy on devices */ + g_slist_foreach(adapter->devices, update_device_is_blocked_by_policy, + NULL); /* restore Service Changed CCC value for bonded devices */ btd_gatt_database_restore_svc_chng_ccc(adapter->database); diff --git a/src/adapter.h b/src/adapter.h index 8e8c61b7bdf1..038754b6d76c 100644 --- a/src/adapter.h +++ b/src/adapter.h @@ -90,6 +90,7 @@ const char *adapter_get_path(struct btd_adapter *adapter); const bdaddr_t *btd_adapter_get_address(struct btd_adapter *adapter); uint8_t btd_adapter_get_address_type(struct btd_adapter *adapter); const char *btd_adapter_get_storage_dir(struct btd_adapter *adapter); +void btd_adapter_store_adapter_info(struct btd_adapter *adapter); int adapter_set_name(struct btd_adapter *adapter, const char *name); int adapter_service_add(struct btd_adapter *adapter, sdp_record_t *rec); diff --git a/src/admin_policy.c b/src/admin_policy.c index 6498dcf05319..0b51b379ed74 100644 --- a/src/admin_policy.c +++ b/src/admin_policy.c @@ -154,6 +154,7 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, g_hash_table_destroy(admin_policy->allowed_uuid_set); btd_admin_policy_allowlist_set(admin_policy, uuid_set); + btd_adapter_store_adapter_info(adapter); return dbus_message_new_method_return(msg); } From patchwork Thu Apr 1 10:24:47 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12177773 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4822BC43140 for ; Thu, 1 Apr 2021 10:28:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1AB1961132 for ; Thu, 1 Apr 2021 10:28:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234391AbhDAK2O (ORCPT ); Thu, 1 Apr 2021 06:28:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234268AbhDAK1x (ORCPT ); Thu, 1 Apr 2021 06:27:53 -0400 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5EE0DC0617AB for ; Thu, 1 Apr 2021 03:25:47 -0700 (PDT) Received: by mail-pf1-x44a.google.com with SMTP id a6so3147552pfv.9 for ; Thu, 01 Apr 2021 03:25:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=JWYpT6XZVBl1zd4kG0m7MOIC9V0I+5W9OEzP70fqw8w=; b=M/4iRytEi5wnL//tg48hY04wb18fMKuNNx/mzn/twH9BiKOcnE6Evmp25GWO2JaNVv bslpLMKqnQDRyBbfQDH0d+WcNEpu1/PkgAnom9ylGqeO6TMqVC8AnQMKyNSPGvjIIOSQ F6rYqHxlvjsSSzaxYvNg/1t8UJFnE4+Is3dtmW1/ws7qAUOFGh7yuLldjAuD+YIax8Mh 5Dx2JnAtpnpMAhqBeF3a0L1vsmM59f9yaRPln7DwGswTyPRXdgKSuz79Lbf8tHXXUFGt ias1SH2BjdWfgWD4fkVowkD4ndh2UZQoFYhdp/NNsIJc58gjMcG2T54Rp0o9EeP/6O9A T2eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=JWYpT6XZVBl1zd4kG0m7MOIC9V0I+5W9OEzP70fqw8w=; b=CCs0xsMa4/vNyDYXS0HIuVOunje97Ro2YMurpI0uN5qXCW0ntTee7wPu0NPVbaZtag wF2xgQbwelLPsv5aK8HpxU5MVd9G5rrXrEaA1XaaB+XpRBVXy0Bv5VDqWcmoFhBQAOt6 f1mIYfsp87oKqg8G9Z1RHgUjS7TD3BjHdLABbjp1C/AMpFOzMuzmSza37pCoLLDy0r1Q owXDp96N7xEVNwFLRljFWCVGjfrNBmoMA6B9vBLR2iuR1ppH07biyyZqIe0FnPOjQ7/E Mvo5hBRh2Iw7n6vElP2MCygHXvlZxcCA6W9BAQCqiV9CIBDl2sr6OVJgPRf3uNBsbTiH Jhig== X-Gm-Message-State: AOAM530pHSnppo7Yr0S8oaNLP/lst42J2KdhTiLywoMGhvj15kLYzUbf wCdLBSlSbU4aMy4cLggILA0HClb69gzBvBuMuw+qs9pXVoaWmr+uvyWzokM7zLlxumRiVodmqRY a3UpNlNlmDlLQ43GtGaViaWPBZt5wdHhGhdjT/rXv/PGMG+szj6u1UpzJRp1EdlKa6ntvVDg2rV y9P6V10KFNGyg= X-Google-Smtp-Source: ABdhPJx+jBwNetz+nzbGENSJeCMsJR7onmh+PLhRCya9Mq9J961rvV1s0MvnrOzz5tnugd4Dtq8XPcS5jNDBMly8HA== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ad88:abe:9fd5:a5fc]) (user=howardchung job=sendgmr) by 2002:a62:7b83:0:b029:1f1:5ef3:b4d9 with SMTP id w125-20020a627b830000b02901f15ef3b4d9mr6919439pfc.65.1617272746722; Thu, 01 Apr 2021 03:25:46 -0700 (PDT) Date: Thu, 1 Apr 2021 18:24:47 +0800 In-Reply-To: <20210401102447.3958224-1-howardchung@google.com> Message-Id: <20210401182328.Bluez.8.I41e73e51a6a5d9cf4394903d631f41b69fb14fb6@changeid> Mime-Version: 1.0 References: <20210401102447.3958224-1-howardchung@google.com> X-Mailer: git-send-email 2.31.0.291.g576ba9dcdaf-goog Subject: [Bluez PATCH 8/8] core: Initialize uuid_str_arr to NULL From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Sonny Sasaka , Daniel Winkler , Alain Michaud Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Sonny Sasaka Not initializing may crash g_free() below. Reviewed-by: Daniel Winkler Reviewed-by: Alain Michaud --- src/adapter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/adapter.c b/src/adapter.c index f03eda2abc17..ab4f8a3ca4d7 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -483,7 +483,7 @@ static void store_adapter_info(struct btd_adapter *adapter) char *str; gsize length = 0; gboolean discoverable; - char **uuid_str_arr; + char **uuid_str_arr = NULL; guint num_of_uuid = 0; int i;