From patchwork Thu Jul 22 07:23:11 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Howard Chung
X-Patchwork-Id: 12393285
Date: Thu, 22 Jul 2021 15:23:11 +0800
In-Reply-To: <20210722072321.1225119-1-howardchung@google.com>
Message-Id: <20210722152159.Bluez.v2.1.Ic71b1ed97538a06d02425ba502690bdab1c5d836@changeid>
References: <20210722072321.1225119-1-howardchung@google.com>
X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog
Subject: [Bluez PATCH v2 01/11] core: add is_allowed property in btd_service
From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds is_allowed property in btd_service. When is_allowed is set to false, calling btd_service_connect and service_accept will fail and the existing service connection gets disconnected. Reviewed-by: Miao-chen Chou --- Changes in v2: - Move bt_uuid_hash and bt_uuid_equal functions to adapter.c. - Modify the criteria to say a device is `Affected` from any-of-uuid to any-of-auto-connect-profile. - Remove the code to remove/reprobe disallowed/allowed profiles, instead, check if the service is allowed in bt_io_accept connect_cb. - Fix a typo in emit_property_change in plugin/admin_policy.c:set_service_allowlist - Instead of using device_state_cb, utilize D-BUS client to watch device added/removed. - Add a document in doc/ src/service.c | 33 +++++++++++++++++++++++++++++++++ src/service.h | 2 ++ 2 files changed, 35 insertions(+) diff --git a/src/service.c b/src/service.c index 21a52762e637..84fbb208a7e9 100644 --- a/src/service.c +++ b/src/service.c @@ -41,6 +41,7 @@ struct btd_service { void *user_data; btd_service_state_t state; int err; + bool is_allowed; }; struct service_state_callback { @@ -133,6 +134,7 @@ struct btd_service *service_create(struct btd_device *device, service->device = device; /* Weak ref */ service->profile = profile; service->state = BTD_SERVICE_STATE_UNAVAILABLE; + service->is_allowed = true; return service; } @@ -186,6 +188,12 @@ int service_accept(struct btd_service *service) if (!service->profile->accept) return -ENOSYS; + if (!service->is_allowed) { + info("service %s is not allowed", + service->profile->remote_uuid); + return -ECONNABORTED; + } + err = service->profile->accept(service); if (!err) goto done; 
@@ -245,6 +253,12 @@ int btd_service_connect(struct btd_service *service) return -EBUSY; } + if (!service->is_allowed) { + info("service %s is not allowed", + service->profile->remote_uuid); + return -ECONNABORTED; + } + err = profile->connect(service); if (err == 0) { change_state(service, BTD_SERVICE_STATE_CONNECTING, 0); @@ -361,6 +375,25 @@ bool btd_service_remove_state_cb(unsigned int id) return false; } +void btd_service_set_allowed(struct btd_service *service, bool allowed) +{ + if (allowed == service->is_allowed) + return; + + service->is_allowed = allowed; + + if (!allowed && (service->state == BTD_SERVICE_STATE_CONNECTING || + service->state == BTD_SERVICE_STATE_CONNECTED)) { + btd_service_disconnect(service); + return; + } +} + +bool btd_service_is_allowed(struct btd_service *service) +{ + return service->is_allowed; +} + void btd_service_connecting_complete(struct btd_service *service, int err) { if (service->state != BTD_SERVICE_STATE_DISCONNECTED && diff --git a/src/service.h b/src/service.h index 88530cc17d53..5a2a02447b24 100644 --- a/src/service.h +++ b/src/service.h 
@@ -51,6 +51,8 @@ int btd_service_get_error(const struct btd_service *service); unsigned int btd_service_add_state_cb(btd_service_state_cb cb, void *user_data); bool btd_service_remove_state_cb(unsigned int id); +void btd_service_set_allowed(struct btd_service *service, bool allowed); +bool btd_service_is_allowed(struct btd_service *service); /* Functions used by profile implementation */ void btd_service_connecting_complete(struct btd_service *service, int err);
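Review bot: In btd_service_set_allowed() (src/service.c, hunk at -361,6), the btd_service_disconnect() call made when a CONNECTING or CONNECTED service becomes disallowed is neither logged nor checked, so a policy-driven teardown leaves no trace in the log, and if the call can fail the service stays connected with is_allowed already false. Suggest an info() line naming service->profile->remote_uuid, as the two -ECONNABORTED paths already do, and handling the result. The trailing return; inside the last if is redundant and can be dropped.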
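Review bot: In src/service.h (hunk at -51,6), btd_service_is_allowed() takes a non-const struct btd_service * although it only reads the flag, while the getter btd_service_get_error() in the same hunk's context takes const struct btd_service *. Suggest bool btd_service_is_allowed(const struct btd_service *service); with the matching change in src/service.c, plus a one-line comment on btd_service_set_allowed() saying that clearing the flag disconnects an active service.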
From patchwork Thu Jul 22 07:23:12 2021
X-Patchwork-Submitter: Howard Chung
X-Patchwork-Id: 12393287
Date: Thu, 22 Jul 2021 15:23:12 +0800
In-Reply-To: <20210722072321.1225119-1-howardchung@google.com>
Message-Id:
<20210722152159.Bluez.v2.2.Ibc0b5f02cb249f9aca9efe45e2dadc5e50b7d89e@changeid> Mime-Version: 1.0 References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [Bluez PATCH v2 02/11] core: add adapter and device allowed_uuid functions From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This implements functions in src/adapter.c and src/device.c for plugins setting a list of allowed services. Reviewed-by: Miao-chen Chou --- (no changes since v1) src/adapter.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/adapter.h | 8 +++++ src/device.c | 64 +++++++++++++++++++++++++++++++++++- src/device.h | 2 ++ 4 files changed, 163 insertions(+), 1 deletion(-) diff --git a/src/adapter.c b/src/adapter.c index 84bc5a1b09eb..93abaabb0526 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -260,6 +260,8 @@ struct btd_adapter { struct btd_battery_provider_manager *battery_provider_manager; + GHashTable *allowed_uuid_set; /* Set of allowed service UUIDs */ + gboolean initialized; GSList *pin_callbacks; 
@@ -3480,6 +3482,93 @@ static DBusMessage *connect_device(DBusConnection *conn, return NULL; } +static void update_device_allowed_services(void *data, void *user_data) +{ + struct btd_device *device = data; + + btd_device_update_allowed_services(device); +} + +static void add_uuid_to_uuid_set(void *data, void *user_data) +{ + bt_uuid_t *uuid = data; + GHashTable *uuid_set = user_data; + + if (!uuid) { + error("Found NULL in UUID allowed list"); + return; + } + + g_hash_table_add(uuid_set, uuid); +} + +static guint bt_uuid_hash(gconstpointer key) +{ + const bt_uuid_t *uuid = key; + bt_uuid_t uuid_128; + uint64_t *val; + + if (!uuid) + return 0; + + bt_uuid_to_uuid128(uuid, &uuid_128); + val = (uint64_t *)&uuid_128.value.u128; + + return g_int64_hash(val) ^ g_int64_hash(val+1); +} + +static gboolean bt_uuid_equal(gconstpointer v1, gconstpointer v2) +{ + const bt_uuid_t *uuid1 = v1; + const bt_uuid_t *uuid2 = v2; + + if (!uuid1 || !uuid2) + return !uuid1 && !uuid2; + + return bt_uuid_cmp(uuid1, uuid2) == 0; +} + +bool btd_adapter_set_allowed_uuids(struct btd_adapter *adapter, + struct queue *uuids) +{ + if (!adapter) + return false; + + if (adapter->allowed_uuid_set) + g_hash_table_destroy(adapter->allowed_uuid_set); + + adapter->allowed_uuid_set = g_hash_table_new(bt_uuid_hash, + bt_uuid_equal); + if (!adapter->allowed_uuid_set) { + btd_error(adapter->dev_id, + "Failed to allocate allowed_uuid_set"); + return false; + } + + queue_foreach(uuids, add_uuid_to_uuid_set, adapter->allowed_uuid_set); + g_slist_foreach(adapter->devices, update_device_allowed_services, NULL); + + return true; +} + +bool btd_adapter_is_uuid_allowed(struct btd_adapter *adapter, + const char *uuid_str) +{ + bt_uuid_t uuid; + + if (!adapter || !adapter->allowed_uuid_set) + return true; + + if (bt_string_to_uuid(&uuid, uuid_str)) { + btd_error(adapter->dev_id, + "Failed to parse UUID string '%s'", uuid_str); + return false; + } + + return !g_hash_table_size(adapter->allowed_uuid_set) || + 
g_hash_table_contains(adapter->allowed_uuid_set, &uuid); +} + static const GDBusMethodTable adapter_methods[] = { { GDBUS_ASYNC_METHOD("StartDiscovery", NULL, NULL, start_discovery) }, { GDBUS_METHOD("SetDiscoveryFilter", @@ -5395,6 +5484,7 @@ static void adapter_free(gpointer user_data) g_free(adapter->stored_alias); g_free(adapter->current_alias); free(adapter->modalias); + g_hash_table_destroy(adapter->allowed_uuid_set); g_free(adapter); } diff --git a/src/adapter.h b/src/adapter.h index 60b5e3bcca34..7cac51451249 100644 --- a/src/adapter.h +++ b/src/adapter.h @@ -25,6 +25,7 @@ struct btd_adapter; struct btd_device; +struct queue; struct btd_adapter *btd_adapter_get_default(void); bool btd_adapter_is_default(struct btd_adapter *adapter); @@ -97,6 +98,8 @@ void adapter_service_remove(struct btd_adapter *adapter, uint32_t handle); struct agent *adapter_get_agent(struct btd_adapter *adapter); +bool btd_adapter_uuid_is_allowed(struct btd_adapter *adapter, const char *uuid); + struct btd_adapter *btd_adapter_ref(struct btd_adapter *adapter); void btd_adapter_unref(struct btd_adapter *adapter); @@ -240,3 +243,8 @@ enum kernel_features { }; bool btd_has_kernel_features(uint32_t feature); + +bool btd_adapter_set_allowed_uuids(struct btd_adapter *adapter, + struct queue *uuids); +bool btd_adapter_is_uuid_allowed(struct btd_adapter *adapter, + const char *uuid_str); diff --git a/src/device.c b/src/device.c index faf07ba22270..31ee47cfd8d5 100644 --- a/src/device.c +++ b/src/device.c 
@@ -1929,6 +1929,56 @@ static int service_prio_cmp(gconstpointer a, gconstpointer b) return p2->priority - p1->priority; } +bool btd_device_all_services_allowed(struct btd_device *dev) +{ + GSList *l; + struct btd_adapter *adapter = dev->adapter; + struct btd_service *service; + struct btd_profile *profile; + + for (l = dev->services; l != NULL; l = g_slist_next(l)) { + service = l->data; + profile = btd_service_get_profile(service); + + if (!profile || !profile->auto_connect) + continue; + + if (!btd_adapter_is_uuid_allowed(adapter, profile->remote_uuid)) + return false; + } + + return true; +} + +void btd_device_update_allowed_services(struct btd_device *dev) +{ + struct btd_adapter *adapter = dev->adapter; + struct btd_service *service; + struct btd_profile *profile; + GSList *l; + bool is_allowed; + char addr[18]; + + /* If service discovery is ongoing, let the service discovery complete + * callback call this function. + */ + if (dev->browse) { + ba2str(&dev->bdaddr, addr); + DBG("service discovery of %s is ongoing. Skip updating allowed " + "services", addr); + return; + } + + for (l = dev->services; l != NULL; l = g_slist_next(l)) { + service = l->data; + profile = btd_service_get_profile(service); + + is_allowed = btd_adapter_is_uuid_allowed(adapter, + profile->remote_uuid); + btd_service_set_allowed(service, is_allowed); + } +} + static GSList *create_pending_list(struct btd_device *dev, const char *uuid) { struct btd_service *service; @@ -1937,9 +1987,14 @@ static GSList *create_pending_list(struct btd_device *dev, const char *uuid) if (uuid) { service = find_connectable_service(dev, uuid); - if (service) + + if (!service) + return dev->pending; + + if (btd_service_is_allowed(service)) return g_slist_prepend(dev->pending, service); + info("service %s is blocked", uuid); return dev->pending; } 
@@ -1950,6 +2005,11 @@ static GSList *create_pending_list(struct btd_device *dev, const char *uuid) if (!p->auto_connect) continue; + if (!btd_service_is_allowed(service)) { + info("service %s is blocked", p->remote_uuid); + continue; + } + if (g_slist_find(dev->pending, service)) continue; @@ -2633,6 +2693,8 @@ static void device_svc_resolved(struct btd_device *dev, uint8_t browse_type, dev->svc_callbacks); g_free(cb); } + + btd_device_update_allowed_services(dev); } static struct bonding_req *bonding_request_new(DBusMessage *msg, diff --git a/src/device.h b/src/device.h index 4ae9abe0dbb4..5f615cb4b6b2 100644 --- a/src/device.h +++ b/src/device.h 
@@ -175,5 +175,7 @@ uint32_t btd_device_get_current_flags(struct btd_device *dev); void btd_device_flags_changed(struct btd_device *dev, uint32_t supported_flags, uint32_t current_flags); +bool btd_device_all_services_allowed(struct btd_device *dev); +void btd_device_update_allowed_services(struct btd_device *dev); void btd_device_init(void); void btd_device_cleanup(void);
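Review bot: In btd_adapter_set_allowed_uuids() (src/adapter.c, hunk at -3480,6), add_uuid_to_uuid_set() stores the caller's bt_uuid_t pointers straight from the queue, and the table is created with g_hash_table_new(), which has no key destroy function. The set is therefore valid only while the caller keeps every queue element alive, and nothing in the patch states that rule. Suggest copying each UUID into the table and creating it with g_hash_table_new_full() and a free function, or documenting the ownership in src/adapter.h. Separately, btd_adapter_is_uuid_allowed() returns true for a NULL adapter, and the callers added in patch 03/11 pass adapter_find(&src) unchecked, so the check fails open in that case; that should be an explicit decision.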
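Review bot: In adapter_free() (src/adapter.c, hunk at -5395,6), g_hash_table_destroy(adapter->allowed_uuid_set) is called unconditionally, but nothing in this patch creates the set outside btd_adapter_set_allowed_uuids(), which itself guards its own destroy with if (adapter->allowed_uuid_set). For an adapter whose allow list was never set, the pointer is still unset here and g_hash_table_destroy() rejects NULL with a GLib critical warning. Suggest the same NULL guard before the destroy.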
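Review bot: In src/adapter.h (hunk at -97,6), the added prototype btd_adapter_uuid_is_allowed() has no definition anywhere in this patch; the function that is implemented and called is btd_adapter_is_uuid_allowed(), declared by the last hunk of the same header. Suggest dropping the stray prototype so only one name exists.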
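Review bot: In btd_device_update_allowed_services() (src/device.c, hunk at -1929,6), the loop dereferences profile->remote_uuid without the !profile test that btd_device_all_services_allowed(), just above it, applies to the same btd_service_get_profile() result. Suggest skipping services with no profile in both loops, or removing the test from the first one if a NULL profile cannot occur.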
From patchwork Thu Jul 22 07:23:13 2021
X-Patchwork-Submitter: Howard Chung
X-Patchwork-Id: 12393289
Date: Thu, 22 Jul 2021 15:23:13 +0800
In-Reply-To: <20210722072321.1225119-1-howardchung@google.com>
Message-Id:
<20210722152159.Bluez.v2.3.I1f8afde9aafc699f5b3ad3b51d672f0416823d50@changeid>
Mime-Version: 1.0
References: <20210722072321.1225119-1-howardchung@google.com>
X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog
Subject: [Bluez PATCH v2 03/11] profiles: ignore incoming connection of not allowed service
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou
Precedence: bulk
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Yun-Hao Chung

Bluez listens for incoming connections for each profile. This patch
ignores them if the service is not allowed by adapter.

Reviewed-by: Miao-chen Chou
---
Hi maintainers,

In previous work of service_api, it blocks incoming connections by
adding a check in profile authorization callback. This doesn't work for
every profile, since some profiles (e.g. health) don't need
authorization. This change adds a check to each profile. I understand
it's not a very clean solution. Please let me know if you have other
thoughts. Thanks.

The following test steps were performed after enabling admin_policy
plugin:
1. Set ServiceAllowList to ["1234"].
2. Turn on a paired classic keyboard. Verify it can not be connected.
3. Set ServiceAllowList to ["1800","1801","180A","180F","1812"]
4. Turn off and turn on the keyboard. Verify it can be connected.

(no changes since v1)

 Makefile.tools          |  1 +
 profiles/audio/a2dp.c   |  6 ++++++
 profiles/audio/avctp.c  |  7 +++++++
 profiles/health/mcap.c  | 10 +++++++++-
 profiles/input/server.c | 10 ++++++++++
 src/profile.c           | 12 ++++++++++++
 6 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/Makefile.tools b/Makefile.tools index c836b5984934..55684824fb91 100644 --- a/Makefile.tools +++ b/Makefile.tools
@@ -235,6 +235,7 @@ tools_btiotest_LDADD = lib/libbluetooth-internal.la $(GLIB_LIBS) tools_mcaptest_SOURCES = tools/mcaptest.c \ btio/btio.h btio/btio.c \ src/log.c src/log.h \ + src/adapter.c src/adapter.h \ profiles/health/mcap.h profiles/health/mcap.c tools_mcaptest_LDADD = lib/libbluetooth-internal.la $(GLIB_LIBS) \ src/libshared-mainloop.la -lrt diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c index 86bc02994f75..73cf210475bd 100644 --- a/profiles/audio/a2dp.c +++ b/profiles/audio/a2dp.c @@ -2386,6 +2386,12 @@ static void confirm_cb(GIOChannel *io, gpointer data) return; } + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), + ADVANCED_AUDIO_UUID)) { + info("A2DP is not allowed. Ignoring the incoming connection"); + return; + } + chan = channel_new(server, device, io); if (!chan) goto drop; diff --git a/profiles/audio/avctp.c b/profiles/audio/avctp.c index 50de3361818f..044c10d213ac 100644 --- a/profiles/audio/avctp.c +++ b/profiles/audio/avctp.c @@ -1587,6 +1587,13 @@ static void avctp_confirm_cb(GIOChannel *chan, gpointer data) DBG("AVCTP: incoming connect from %s", address); + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), + AVRCP_REMOTE_UUID)) { + info("AVRCP REMOTE is not allowed. " + "Ignoring the incoming connection"); + return; + } + device = btd_adapter_find_device(adapter_find(&src), &dst, BDADDR_BREDR); if (!device) diff --git a/profiles/health/mcap.c b/profiles/health/mcap.c index be13af37a0b8..1799d73e6648 100644 --- a/profiles/health/mcap.c +++ b/profiles/health/mcap.c @@ -23,8 +23,10 @@ #include #include "lib/bluetooth.h" +#include "lib/uuid.h" #include "bluetooth/l2cap.h" #include "btio/btio.h" +#include "src/adapter.h" #include "src/log.h" #include "src/shared/timeout.h" @@ -2010,7 +2012,7 @@ static void connect_mcl_event_cb(GIOChannel *chan, GError *gerr, { struct mcap_instance *mi = user_data; struct mcap_mcl *mcl; - bdaddr_t dst; + bdaddr_t src, dst; char address[18], srcstr[18]; GError *err = NULL; 
@@ -2018,6 +2020,7 @@ static void connect_mcl_event_cb(GIOChannel *chan, GError *gerr, return; bt_io_get(chan, &err, + BT_IO_OPT_SOURCE_BDADDR, &src, BT_IO_OPT_DEST_BDADDR, &dst, BT_IO_OPT_DEST, address, BT_IO_OPT_INVALID); @@ -2027,6 +2030,11 @@ static void connect_mcl_event_cb(GIOChannel *chan, GError *gerr, goto drop; } + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), HDP_UUID)) { + info("HID is not allowed. Ignoring the incoming connection"); + return; + } + ba2str(&mi->src, srcstr); mcl = find_mcl(mi->mcls, &dst); if (mcl) { diff --git a/profiles/input/server.c b/profiles/input/server.c index 79cf08a66b38..94d06a383578 100644 --- a/profiles/input/server.c +++ b/profiles/input/server.c @@ -156,6 +156,11 @@ static void connect_event_cb(GIOChannel *chan, GError *err, gpointer data) ba2str(&dst, address); DBG("Incoming connection from %s on PSM %d", address, psm); + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), HID_UUID)) { + info("HID is not allowed. Ignoring the incoming connection"); + return; + } + ret = input_device_set_channel(&src, &dst, psm, chan); if (ret == 0) return; @@ -234,6 +239,11 @@ static void confirm_event_cb(GIOChannel *chan, gpointer user_data) return; } + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), HID_UUID)) { + info("HID is not allowed. Ignoring the incoming connection"); + return; + } + ba2str(&dst, addr); if (server->confirm) { diff --git a/src/profile.c b/src/profile.c index 60d17b6ae657..58500c74746d 100644 --- a/src/profile.c +++ b/src/profile.c @@ -1249,6 +1249,11 @@ static void ext_confirm(GIOChannel *io, gpointer user_data) DBG("incoming connect from %s", addr); + if (btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) { + info("UUID %s is not allowed. Igoring the connection", uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return; 
@@ -1272,6 +1277,7 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) struct ext_profile *ext = server->ext; GError *gerr = NULL; struct ext_io *conn; + const char *uuid = ext->service ? ext->service : ext->uuid; bdaddr_t src, dst; bt_io_get(io, &gerr, 
@@ -1285,6 +1291,12 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) return; } + if (btd_adapter_is_uuid_allowed(adapter_find(&src), ext->uuid)) { + info("UUID %s is not allowed. Igoring the connection", + ext->uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return;
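Review bot: In confirm_cb() (profiles/audio/a2dp.c, hunk at -2386,6), the disallowed case leaves with a plain return and never touches io, while the failure case two lines below it goes to drop. A connection that is only "ignored" here is neither accepted nor explicitly refused, so it is worth confirming that the remote side is actually disconnected rather than left pending. Suggest leaving through the existing drop path; the same pattern appears in avctp_confirm_cb() and in both callbacks in profiles/input/server.c.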
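Review bot: In connect_mcl_event_cb() (profiles/health/mcap.c, hunk at -2027,6), the check is on HDP_UUID but the message says "HID is not allowed", which will mislead anyone reading the log. The new branch also uses a plain return where the error path just above it uses goto drop, so whatever cleanup that label performs on the channel is skipped. Suggest correcting the message to HDP and leaving through drop.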
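Review bot: In ext_confirm() (src/profile.c, hunk at -1249,6), the condition is missing its negation: if (btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) logs "not allowed" and returns when the UUID is allowed, and lets the connection through when it is not. Every other check added by this patch uses !btd_adapter_is_uuid_allowed(...). Suggest adding the ! and fixing "Igoring" in the message.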
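Review bot: In ext_direct_connect() (src/profile.c, hunks at -1272,6 and -1285,6), the check has the same missing ! as ext_confirm(), so allowed UUIDs are dropped and disallowed ones proceed. It also tests and logs ext->uuid, which leaves the local uuid (ext->service ? ext->service : ext->uuid) added by the preceding hunk unused. Suggest if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) and logging uuid, with "Igoring" corrected.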
From patchwork Thu Jul 22 07:23:14 2021
X-Patchwork-Submitter: Howard Chung
X-Patchwork-Id: 12393293
Date: Thu, 22 Jul 2021 15:23:14 +0800
In-Reply-To: <20210722072321.1225119-1-howardchung@google.com>
Message-Id: <20210722152159.Bluez.v2.4.Id0842634d98a21fbdfa5cc72c76a462a98bf6f40@changeid>
Mime-Version:
1.0 References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [Bluez PATCH v2 04/11] plugins: new plugin From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds an initial code for a new plugin admin_policy. Reviewed-by: Miao-chen Chou --- (no changes since v1) Makefile.plugins | 5 +++++ bootstrap-configure | 1 + configure.ac | 4 ++++ plugins/admin_policy.c | 30 ++++++++++++++++++++++++++++++ 4 files changed, 40 insertions(+) create mode 100644 plugins/admin_policy.c diff --git a/Makefile.plugins b/Makefile.plugins index 4e6a72b0bdf6..b6be0e0d559d 100644 --- a/Makefile.plugins +++ b/Makefile.plugins @@ -11,6 +11,11 @@ builtin_sources += plugins/autopair.c builtin_modules += policy builtin_sources += plugins/policy.c +if ADMIN_POLICY +builtin_modules += admin_policy +builtin_sources += plugins/admin_policy.c +endif + if NFC builtin_modules += neard builtin_sources += plugins/neard.c diff --git a/bootstrap-configure b/bootstrap-configure index 0efd83abc2c4..89c0747b0256 100755 --- a/bootstrap-configure +++ b/bootstrap-configure @@ -30,4 +30,5 @@ fi --enable-pie \ --enable-cups \ --enable-library \ + --enable-admin_policy \ --disable-datafiles $* diff --git a/configure.ac b/configure.ac index be32782a641d..53ed8911f95c 100644 --- a/configure.ac +++ b/configure.ac 
@@ -364,6 +364,10 @@ AC_ARG_ENABLE(logger, AC_HELP_STRING([--enable-logger], [enable HCI logger service]), [enable_logger=${enableval}]) AM_CONDITIONAL(LOGGER, test "${enable_logger}" = "yes") +AC_ARG_ENABLE(admin_policy, AC_HELP_STRING([--enable-admin_policy], + [enable admin policy plugin]), [enable_admin_policy=${enableval}]) +AM_CONDITIONAL(ADMIN_POLICY, test "${enable_admin_policy}" = "yes") + if (test "${prefix}" = "NONE"); then dnl no prefix and no localstatedir, so default to /var if (test "$localstatedir" = '${prefix}/var'); then diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c new file mode 100644 index 000000000000..dd8d8973636f --- /dev/null +++ b/plugins/admin_policy.c 
@@ -0,0 +1,30 @@ +// SPDX-License-Identifier: LGPL-2.1-or-later +/* + * + * BlueZ - Bluetooth protocol stack for Linux + * + * Copyright (C) 2021 Google LLC + * + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "src/log.h" +#include "src/plugin.h" + +static int admin_policy_init(void) +{ + DBG(""); +} + +static void admin_policy_exit(void) +{ + DBG(""); +} + +BLUETOOTH_PLUGIN_DEFINE(admin_policy, VERSION, + BLUETOOTH_PLUGIN_PRIORITY_DEFAULT, + admin_policy_init, admin_policy_exit) From patchwork Thu Jul 22 07:23:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12393291 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64D45C6377D for ; Thu, 22 Jul 2021 07:23:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3F0E661249 for ; Thu, 22 Jul 2021 07:23:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230331AbhGVGnK (ORCPT ); Thu, 22 Jul 2021 02:43:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60818 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230308AbhGVGnJ (ORCPT ); Thu, 22 Jul 2021 02:43:09 -0400 Received: from mail-qt1-x849.google.com (mail-qt1-x849.google.com [IPv6:2607:f8b0:4864:20::849]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 08D31C061575 for ; Thu, 22 Jul 
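Review bot: admin_policy_init() in the new plugins/admin_policy.c (04/11) is declared to return int, but its body contains only DBG("") and falls off the end without a return value, so whatever consumes the init result registered through BLUETOOTH_PLUGIN_DEFINE sees an indeterminate value. Add "return 0;" in this patch so that it builds without warnings and behaves deterministically on its own, which matters for bisection, instead of relying on 05/11 to add the return.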
2021 00:23:45 -0700 (PDT) Received: by mail-qt1-x849.google.com with SMTP id d7-20020ac85ac70000b029026ae3f4adc9so2920861qtd.13 for ; Thu, 22 Jul 2021 00:23:44 -0700 (PDT) X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:69a3:595f:8267:f7e0]) (user=howardchung job=sendgmr) by 2002:a0c:e313:: with SMTP id s19mr39613196qvl.26.1626938624150; Thu, 22 Jul 2021 00:23:44 -0700 (PDT) Date: Thu, 22 Jul 2021 15:23:15 +0800 In-Reply-To: <20210722072321.1225119-1-howardchung@google.com> 
Message-Id: <20210722152159.Bluez.v2.5.I29607be7ac91b0a494ab51713ba14f583eb858ed@changeid> Mime-Version: 1.0 References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [Bluez PATCH v2 05/11] plugins/admin_policy: add admin_policy adapter driver From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds code to register admin_policy driver to adapter when admin_policy plugin is enabled. The following test steps were performed: 1. restart bluetoothd 2. check if "Admin Policy is enabled" in system log Reviewed-by: Miao-chen Chou --- (no changes since v1) plugins/admin_policy.c | 67 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c index dd8d8973636f..2ece871564e6 100644 --- a/plugins/admin_policy.c +++ b/plugins/admin_policy.c 
@@ -12,17 +12,84 @@ #include #endif +#include "lib/bluetooth.h" + +#include "src/adapter.h" +#include "src/error.h" #include "src/log.h" #include "src/plugin.h" +#include "src/shared/queue.h" + +/* |policy_data| has the same life cycle as btd_adapter */ +static struct btd_admin_policy { + struct btd_adapter *adapter; + uint16_t adapter_id; +} *policy_data = NULL; + +static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) +{ + struct btd_admin_policy *admin_policy = NULL; + + admin_policy = g_try_malloc(sizeof(*admin_policy)); + if (!admin_policy) { + btd_error(btd_adapter_get_index(adapter), + "Failed to allocate memory for admin_policy"); + return NULL; + } + + admin_policy->adapter = adapter; + admin_policy->adapter_id = btd_adapter_get_index(adapter); + + return admin_policy; +} + +static void admin_policy_free(void *data) +{ + struct btd_admin_policy *admin_policy = data; + + g_free(admin_policy); +} + +static int admin_policy_adapter_probe(struct btd_adapter *adapter) +{ + if (policy_data) { + btd_warn(policy_data->adapter_id, + "Policy data already exists"); + admin_policy_free(policy_data); + policy_data = NULL; + } + + policy_data = admin_policy_new(adapter); + if (!policy_data) + return -ENOMEM; + + btd_info(policy_data->adapter_id, "Admin Policy has been enabled"); + + return 0; +} + +static struct btd_adapter_driver admin_policy_driver = { + .name = "admin_policy", + .probe = admin_policy_adapter_probe, + .resume = NULL, +}; + static int admin_policy_init(void) { DBG(""); + + return btd_register_adapter_driver(&admin_policy_driver); } static void admin_policy_exit(void) { DBG(""); + + btd_unregister_adapter_driver(&admin_policy_driver); + + if (policy_data) + admin_policy_free(policy_data); } BLUETOOTH_PLUGIN_DEFINE(admin_policy, VERSION, From patchwork Thu Jul 22 07:23:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12393295 
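Review bot: admin_policy_driver in 05/11 sets only .probe (plus .resume = NULL) and has no .remove callback, so the comment "|policy_data| has the same life cycle as btd_adapter" is not enforced: once the adapter goes away, policy_data->adapter is left dangling until admin_policy_exit() runs. Please add a .remove that frees policy_data and resets it to NULL, and clear the pointer after the free in admin_policy_exit() as well. Related to the same lifetime question, admin_policy_adapter_probe() frees and replaces the single global policy_data whenever a further adapter is probed, leaving only the most recently probed adapter with a policy object; either keep the state per adapter or state the single-adapter limitation in the commit message.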
Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B858AC63797 for ; Thu, 22 Jul 2021 07:24:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9C4C861003 for ; Thu, 22 Jul 2021 07:24:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230479AbhGVGnx (ORCPT ); Thu, 22 Jul 2021 02:43:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60840 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230401AbhGVGnq (ORCPT ); Thu, 22 Jul 2021 02:43:46 -0400 Received: from mail-qk1-x74a.google.com (mail-qk1-x74a.google.com [IPv6:2607:f8b0:4864:20::74a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 71AA7C0613C1 for ; Thu, 22 Jul 2021 00:23:48 -0700 (PDT) Received: by mail-qk1-x74a.google.com with SMTP id b127-20020a3799850000b02903b960837cbfso3497681qke.10 for ; Thu, 22 Jul 2021 00:23:48 -0700 (PDT)
X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:69a3:595f:8267:f7e0]) (user=howardchung job=sendgmr) by 2002:a05:6214:27e7:: with SMTP id jt7mr40384914qvb.28.1626938627453; Thu, 22 Jul 2021 00:23:47 -0700 (PDT) Date: Thu, 22 Jul 2021 15:23:16 +0800 In-Reply-To: <20210722072321.1225119-1-howardchung@google.com> Message-Id: <20210722152159.Bluez.v2.6.Ifbb69dd6e371da3a914049a94615064479b9024b@changeid> Mime-Version: 1.0 References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [Bluez PATCH v2 06/11] plugins/admin_policy: add ServiceAllowList method From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org 
From: Yun-Hao Chung

This adds code to register interface org.bluez.AdminPolicySet1. The interface will provide methods to limit users to operate certain functions of bluez, such as allow/disallow user to toggle adapter power, or only allow users to connect services in the specified list, etc. This patch also implements ServiceAllowlist in org.bluez.AdminPolicySet1.

Reviewed-by: Miao-chen Chou
---
The following test steps were performed:
1. Set ServiceAllowList to ["1108","110A","110B","110C","110D","110E", "110F","1112","111E","111F","1203"] ( users are only allowed to connect headset )
2. Turn on paired WF1000XM3, and listen to music on YouTube.
3. Turn on paired K830 (LE device), press any key on keyboard.
4. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard.
5. Set ServiceAllowList to ["1124","180A","180F","1812"] ( users are only allowed to connect HID devices )
6. Turn on paired WF1000XM3, and listen to music on YouTube.
7. Turn on paired K830 (LE device), press any key on keyboard.
8. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard.
9. Set ServiceAllowList to [] ( users are only allowed to connect any device. )
10. Turn on paired WF1000XM3, and listen to music on YouTube.
11. Turn on paired K830 (LE device), press any key on keyboard.
12. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard.

Expected results: Step 2,7,8,9,10,11 should succeed, and step 3,4,6 should fail.

(no changes since v1) plugins/admin_policy.c | 123 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 122 insertions(+), 1 deletion(-) diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c index 2ece871564e6..242b8d5dacb0 100644 --- a/plugins/admin_policy.c +++ b/plugins/admin_policy.c 
@@ -12,19 +12,29 @@ #include #endif +#include +#include + #include "lib/bluetooth.h" +#include "lib/uuid.h" #include "src/adapter.h" +#include "src/dbus-common.h" #include "src/error.h" #include "src/log.h" #include "src/plugin.h" #include "src/shared/queue.h" +#define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" + +static DBusConnection *dbus_conn; + /* |policy_data| has the same life cycle as btd_adapter */ static struct btd_admin_policy { struct btd_adapter *adapter; uint16_t adapter_id; + struct queue *service_allowlist; } *policy_data = NULL; static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) 
@@ -40,17 +50,116 @@ static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) admin_policy->adapter = adapter; admin_policy->adapter_id = btd_adapter_get_index(adapter); + admin_policy->service_allowlist = NULL; return admin_policy; } +static void free_service_allowlist(struct queue *q) +{ + queue_destroy(q, g_free); +} + static void admin_policy_free(void *data) { struct btd_admin_policy *admin_policy = data; + free_service_allowlist(admin_policy->service_allowlist); g_free(admin_policy); } +static struct queue *parse_allow_service_list(struct btd_adapter *adapter, + DBusMessage *msg) +{ + DBusMessageIter iter, arr_iter; + struct queue *uuid_list = NULL; + + dbus_message_iter_init(msg, &iter); + if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) + return NULL; + + uuid_list = queue_new(); + dbus_message_iter_recurse(&iter, &arr_iter); + do { + const int type = dbus_message_iter_get_arg_type(&arr_iter); + char *uuid_param; + bt_uuid_t *uuid; + + if (type == DBUS_TYPE_INVALID) + break; + + if (type != DBUS_TYPE_STRING) + goto failed; + + dbus_message_iter_get_basic(&arr_iter, &uuid_param); + + uuid = g_try_malloc(sizeof(*uuid)); + if (!uuid) + goto failed; + + if (bt_string_to_uuid(uuid, uuid_param)) { + g_free(uuid); + goto failed; + } + + queue_push_head(uuid_list, uuid); + + dbus_message_iter_next(&arr_iter); + } while (true); + + return uuid_list; + +failed: + queue_destroy(uuid_list, g_free); + return NULL; +} + +static bool service_allowlist_set(struct btd_admin_policy *admin_policy, + struct queue *uuid_list) +{ + struct btd_adapter *adapter = admin_policy->adapter; + + if (!btd_adapter_set_allowed_uuids(adapter, uuid_list)) + return false; + + free_service_allowlist(admin_policy->service_allowlist); + admin_policy->service_allowlist = uuid_list; + + return true; +} + +static DBusMessage *set_service_allowlist(DBusConnection *conn, + DBusMessage *msg, void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + 
struct btd_adapter *adapter = admin_policy->adapter; + struct queue *uuid_list = NULL; + const char *sender = dbus_message_get_sender(msg); + + DBG("sender %s", sender); + + /* Parse parameters */ + uuid_list = parse_allow_service_list(adapter, msg); + if (!uuid_list) { + btd_error(admin_policy->adapter_id, + "Failed on parsing allowed service list"); + return btd_error_invalid_args(msg); + } + + if (!service_allowlist_set(admin_policy, uuid_list)) { + free_service_allowlist(uuid_list); + return btd_error_failed(msg, "service_allowlist_set failed"); + } + + return dbus_message_new_method_return(msg); +} + +static const GDBusMethodTable admin_policy_adapter_methods[] = { + { GDBUS_METHOD("SetServiceAllowList", GDBUS_ARGS({ "UUIDs", "as" }), + NULL, set_service_allowlist) }, + { } +}; + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { if (policy_data) { @@ -64,8 +173,18 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) if (!policy_data) return -ENOMEM; - btd_info(policy_data->adapter_id, "Admin Policy has been enabled"); + if (!g_dbus_register_interface(dbus_conn, adapter_get_path(adapter), + ADMIN_POLICY_SET_INTERFACE, + admin_policy_adapter_methods, NULL, + NULL, policy_data, admin_policy_free)) { + btd_error(policy_data->adapter_id, + "Admin Policy Set interface init failed on path %s", + adapter_get_path(adapter)); + return -EINVAL; + } + btd_info(policy_data->adapter_id, + "Admin Policy Set interface registered"); return 0; } 
@@ -79,6 +198,8 @@ static int admin_policy_init(void) { DBG(""); + dbus_conn = btd_get_dbus_connection(); + return btd_register_adapter_driver(&admin_policy_driver); } From patchwork Thu Jul 22 07:23:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12393301 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.5 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, UNWANTED_LANGUAGE_BODY,URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3AD0EC63798 for ; Thu, 22 Jul 2021 07:24:36 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1D86261355 for ; Thu, 22 Jul 2021 07:24:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231186AbhGVGn7 (ORCPT ); Thu, 22 Jul 2021 02:43:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230100AbhGVGnv (ORCPT ); Thu, 22 Jul 2021 02:43:51 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CC426C061798 for ; Thu, 22 Jul 2021 00:23:51 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id p10-20020a17090a428ab0290175556801d5so3814021pjg.2 for ; Thu, 22 Jul 2021 00:23:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; 
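Review bot: set_service_allowlist() in 06/11 (hunk @@ -40,17 +50,116 @@) reads the caller with dbus_message_get_sender() but only passes it to DBG(); nothing in the handler, or anywhere else in this patch, restricts which D-Bus clients may call SetServiceAllowList. Since the interface exists to limit what users can do, any client able to reach the method can replace the list, including with [], which the test steps treat as allowing every device. Please either check the sender's privilege in the handler or add and document the D-Bus policy that confines org.bluez.AdminPolicySet1 to the administrative client. In the same hunk, parse_allow_service_list() never uses its adapter parameter and ignores the return value of dbus_message_iter_init().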
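Review bot: in admin_policy_adapter_probe() (06/11, hunk @@ -64,8 +173,18 @@) g_dbus_register_interface() is now given policy_data with admin_policy_free as its destroy callback, yet admin_policy_exit() from 05/11 still calls admin_policy_free(policy_data), and the "Policy data already exists" branch of probe still frees it directly. Once the interface is unregistered the global pointer dangles and the later free becomes a double free; if probe runs again instead, the registered interface keeps a freed pointer as its user_data. Pick one owner: either pass NULL as the destroy callback and keep the explicit frees, or let the interface own the object and have the destroy path reset policy_data to NULL. The -EINVAL path also returns with policy_data still allocated and non-NULL; free and clear it there.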
X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:69a3:595f:8267:f7e0]) (user=howardchung job=sendgmr) by 2002:a62:ab0a:0:b029:33b:6d08:2a45 with SMTP id p10-20020a62ab0a0000b029033b6d082a45mr27788651pff.38.1626938631178; Thu, 22 Jul 2021 00:23:51 -0700 (PDT) Date: Thu, 22 Jul 2021 15:23:17 +0800 In-Reply-To: <20210722072321.1225119-1-howardchung@google.com> Message-Id: <20210722152159.Bluez.v2.7.I00fd6c348e4c93501de6de0eae0d23436fd3895b@changeid> Mime-Version: 1.0 References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 
2.32.0.402.g57bb445576-goog Subject: [Bluez PATCH v2 07/11] plugins/admin_policy: add ServiceAllowList property From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds code to register interface org.bluez.AdminPolicyStatus. The interface will provide read-only properties to indicate the current settings of admin policies. We separate this from AdminPolicySet so that normal clients can check current policy settings while only a few clients can change policies. This patch also adds readonly property ServiceAllowlist to AdminPolicyStatus1, which indicates the current setting of service allowlist. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowList to ["1124","180A","180F","1812"] 2. Verify ServiceAllowList is ["1124","180A","180F","1812"] in UUID-128 form 3. Set ServiceAllowList to [] 4. Verify ServiceAllowList is [] (no changes since v1) plugins/admin_policy.c | 58 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c index 242b8d5dacb0..270d42366cd6 100644 --- a/plugins/admin_policy.c +++ b/plugins/admin_policy.c @@ -27,6 +27,7 @@ #include "src/shared/queue.h" #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" +#define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" static DBusConnection *dbus_conn; @@ -151,6 +152,11 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, return btd_error_failed(msg, "service_allowlist_set failed"); } + g_dbus_emit_property_changed(dbus_conn, + adapter_get_path(policy_data->adapter), + ADMIN_POLICY_STATUS_INTERFACE, + "ServiceAllowList"); + return dbus_message_new_method_return(msg); } 
@@ -160,6 +166,43 @@ static const GDBusMethodTable admin_policy_adapter_methods[] = { { } }; +void append_service_uuid(void *data, void *user_data) +{ + bt_uuid_t *uuid = data; + DBusMessageIter *entry = user_data; + char uuid_str[MAX_LEN_UUID_STR]; + const char *uuid_str_ptr = uuid_str; + + if (!uuid) { + error("Unexpected NULL uuid data in service_allowlist"); + return; + } + + bt_uuid_to_string(uuid, uuid_str, MAX_LEN_UUID_STR); + dbus_message_iter_append_basic(entry, DBUS_TYPE_STRING, &uuid_str_ptr); +} + +static gboolean property_get_service_allowlist( + const GDBusPropertyTable *property, + DBusMessageIter *iter, void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + DBusMessageIter entry; + + dbus_message_iter_open_container(iter, DBUS_TYPE_ARRAY, + DBUS_TYPE_STRING_AS_STRING, &entry); + queue_foreach(admin_policy->service_allowlist, append_service_uuid, + &entry); + dbus_message_iter_close_container(iter, &entry); + + return TRUE; +} + +static const GDBusPropertyTable admin_policy_adapter_properties[] = { + { "ServiceAllowList", "as", property_get_service_allowlist }, + { } +}; + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { if (policy_data) { 
@@ -185,6 +228,21 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) btd_info(policy_data->adapter_id, "Admin Policy Set interface registered"); + + if (!g_dbus_register_interface(dbus_conn, adapter_get_path(adapter), + ADMIN_POLICY_STATUS_INTERFACE, + NULL, NULL, + admin_policy_adapter_properties, + policy_data, admin_policy_free)) { + btd_error(policy_data->adapter_id, + "Admin Policy Status interface init failed on path %s", + adapter_get_path(adapter)); + return -EINVAL; + } + + btd_info(policy_data->adapter_id, + "Admin Policy Status interface registered"); + return 0; } From patchwork Thu Jul 22 07:23:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12393305 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.5 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, UNWANTED_LANGUAGE_BODY,URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4F17C63799 for ; Thu, 22 Jul 2021 07:24:36 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A273E60551 for ; Thu, 22 Jul 2021 07:24:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231124AbhGVGn5 (ORCPT ); Thu, 22 Jul 2021 02:43:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60996 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230407AbhGVGnv (ORCPT ); Thu, 22 Jul 2021 02:43:51 -0400 Received: from mail-qv1-xf49.google.com 
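Review bot: the second g_dbus_register_interface() call in admin_policy_adapter_probe() (07/11, hunk @@ -185,6 +228,21 @@) passes the same policy_data and the same admin_policy_free destroy callback as the AdminPolicySet1 registration, so each of the two interfaces will free the object when it is unregistered, which is a double free. Register the status interface with a NULL destroy callback, or reference-count the object. If this registration fails the function returns -EINVAL while AdminPolicySet1 stays registered on the adapter path; unregister it on that error path.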
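Review bot: append_service_uuid() (07/11, hunk @@ -160,6 +166,43 @@) is defined without static although it is only used as the queue_foreach() callback in property_get_service_allowlist(); make it static like the other helpers in this file so it does not leak into the global namespace of the daemon.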
(mail-qv1-xf49.google.com [IPv6:2607:f8b0:4864:20::f49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A27BFC06179C for ; Thu, 22 Jul 2021 00:23:55 -0700 (PDT) Received: by mail-qv1-xf49.google.com with SMTP id eo14-20020ad4594e0000b02902fc3fd31414so3174573qvb.16 for ; Thu, 22 Jul 2021 00:23:55 -0700 (PDT) X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:69a3:595f:8267:f7e0]) (user=howardchung job=sendgmr) by 2002:a0c:f850:: with SMTP id 
g16mr39589670qvo.5.1626938634690; Thu, 22 Jul 2021 00:23:54 -0700 (PDT) Date: Thu, 22 Jul 2021 15:23:18 +0800 In-Reply-To: <20210722072321.1225119-1-howardchung@google.com> Message-Id: <20210722152159.Bluez.v2.8.I517e5199ac8019b770c7ee8c92a294ec1c752748@changeid> Mime-Version: 1.0 References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [Bluez PATCH v2 08/11] plugins/admin_policy: listen for device add and remove From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds an D-BUS client to listen for DeviceAdd and DeviceRemove. It is necessary for implementation of "AffectedByPolicy" property since it needs to register an interface for each device object and unregister it once the device gets removed. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. start discovery using UI 2. verify device_data were added by checking system log 3. stop discovery 4. verify device_data were removed after a few seconds by checking system log (no changes since v1) plugins/admin_policy.c | 154 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 150 insertions(+), 4 deletions(-) diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c index 270d42366cd6..73d695ef976b 100644 --- a/plugins/admin_policy.c +++ b/plugins/admin_policy.c @@ -20,6 +20,7 @@ #include "src/adapter.h" #include "src/dbus-common.h" +#include "src/device.h" #include "src/error.h" #include "src/log.h" #include "src/plugin.h" 
@@ -29,7 +30,12 @@ #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" #define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" +#define DBUS_BLUEZ_SERVICE "org.bluez" +#define BTD_DEVICE_INTERFACE "org.bluez.Device1" + static DBusConnection *dbus_conn; +static GDBusClient *dbus_client; +static struct queue *devices; /* List of struct device_data objects */ /* |policy_data| has the same life cycle as btd_adapter */ static struct btd_admin_policy { @@ -38,6 +44,11 @@ static struct btd_admin_policy { struct queue *service_allowlist; } *policy_data = NULL; +struct device_data { + struct btd_device *device; + char *path; +}; + static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) { struct btd_admin_policy *admin_policy = NULL; 
@@ -203,8 +214,122 @@ static const GDBusPropertyTable admin_policy_adapter_properties[] = { { } }; +static bool device_data_match(const void *a, const void *b) +{ + const struct device_data *data = a; + const struct btd_device *dev = b; + + if (!data) { + error("Unexpected NULL device_data"); + return false; + } + + return data->device == dev; +} + +static bool device_data_match_by_path(const void *a, const void *b) +{ + const struct device_data *data = a; + const char *path = b; + + if (!data) { + error("Unexpected NULL device_data"); + return false; + } + + return strcmp(data->path, b) == 0; +} + +static void free_device_data(void *data) +{ + struct device_data *device_data = data; + + g_free(device_data->path); + g_free(device_data); +} + +static void remove_device_data(void *data) +{ + struct device_data *device_data = data; + + DBG("device_data for %s removing", device_data->path); + + queue_remove(devices, device_data); + free_device_data(device_data); +} + +static void add_device_data(struct btd_device *device) +{ + struct btd_adapter *adapter = device_get_adapter(device); + struct device_data *data; + + if (queue_find(devices, device_data_match, device)) + return; + + data = g_new0(struct device_data, 1); + if (!data) { + btd_error(btd_adapter_get_index(adapter), + "Failed to allocate memory for device_data"); + return; + } + + data->device = device; + data->path = g_strdup(device_get_path(device)); + queue_push_tail(devices, data); + + DBG("device_data for %s added", data->path); +} + +static struct btd_device *find_device_by_proxy(GDBusProxy *proxy) +{ + const char *path = g_dbus_proxy_get_path(proxy); + const char *iface = g_dbus_proxy_get_interface(proxy); + struct btd_device *device; + + if (strcmp(iface, BTD_DEVICE_INTERFACE) != 0) + return NULL; + + device = btd_adapter_find_device_by_path(policy_data->adapter, path); + + if (!device) { + btd_warn(adapter_get_path(policy_data->adapter), + "Device path %s is not found", path); + } + + return device; 
+} + +static void object_added_cb(GDBusProxy *proxy, void *user_data) +{ + struct btd_device *device; + + device = find_device_by_proxy(proxy); + + if (!device) + return; + + add_device_data(device); +} + +static void object_removed_cb(GDBusProxy *proxy, void *user_data) +{ + const char *path = g_dbus_proxy_get_path(proxy); + const char *iface = g_dbus_proxy_get_interface(proxy); + struct device_data *data; + + if (strcmp(iface, BTD_DEVICE_INTERFACE) != 0) + return; + + data = queue_find(devices, device_data_match_by_path, path); + + if (data) + remove_device_data(data); +} + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { + const char *adapter_path; + if (policy_data) { btd_warn(policy_data->adapter_id, "Policy data already exists"); 
@@ -216,33 +341,43 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) if (!policy_data) return -ENOMEM; - if (!g_dbus_register_interface(dbus_conn, adapter_get_path(adapter), + adapter_path = adapter_get_path(adapter); + + if (!g_dbus_register_interface(dbus_conn, adapter_path, ADMIN_POLICY_SET_INTERFACE, admin_policy_adapter_methods, NULL, NULL, policy_data, admin_policy_free)) { btd_error(policy_data->adapter_id, "Admin Policy Set interface init failed on path %s", - adapter_get_path(adapter)); + adapter_path); return -EINVAL; } btd_info(policy_data->adapter_id, "Admin Policy Set interface registered"); - if (!g_dbus_register_interface(dbus_conn, adapter_get_path(adapter), + if (!g_dbus_register_interface(dbus_conn, adapter_path, ADMIN_POLICY_STATUS_INTERFACE, NULL, NULL, admin_policy_adapter_properties, policy_data, admin_policy_free)) { btd_error(policy_data->adapter_id, "Admin Policy Status interface init failed on path %s", - adapter_get_path(adapter)); + adapter_path); return -EINVAL; } btd_info(policy_data->adapter_id, "Admin Policy Status interface registered"); + dbus_client = g_dbus_client_new(dbus_conn, DBUS_BLUEZ_SERVICE, + adapter_path); + + g_dbus_client_set_proxy_handlers(dbus_client, object_added_cb, + object_removed_cb, NULL, NULL); + + g_dbus_client_set_ready_watch(dbus_client, NULL, NULL); + return 0; } @@ -257,6 +392,7 @@ static int admin_policy_init(void) DBG(""); dbus_conn = btd_get_dbus_connection(); + devices = queue_new(); return btd_register_adapter_driver(&admin_policy_driver); } 
@@ -266,9 +402,19 @@ static void admin_policy_exit(void) DBG(""); btd_unregister_adapter_driver(&admin_policy_driver); + queue_destroy(devices, free_device_data); if (policy_data) admin_policy_free(policy_data); + + if (dbus_client) { + g_dbus_client_set_disconnect_watch(dbus_client, NULL, NULL); + g_dbus_client_set_proxy_handlers(dbus_client, NULL, NULL, NULL, + NULL); + g_dbus_client_set_ready_watch(dbus_client, NULL, NULL); + g_dbus_client_unref(dbus_client); + dbus_client = NULL; + } } BLUETOOTH_PLUGIN_DEFINE(admin_policy, VERSION,
From patchwork Thu Jul 22 07:23:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12393297
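Review bot: struct device_data (first hunk of the device-tracking patch) keeps a bare struct btd_device *device, and add_device_data() stores it without taking a reference, so an entry is only valid as long as the device object it points at. Removal is driven by object_removed_cb() matching on the D-Bus path, which is a separate event from the device being freed. Please either hold a reference with btd_device_ref() for the lifetime of the entry and drop it in free_device_data(), or add a comment stating why the pointer cannot outlive the device.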
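Review bot: in find_device_by_proxy(), btd_warn() is given adapter_get_path(policy_data->adapter) as its first argument, while the other btd_warn()/btd_error() calls visible in this patch pass an adapter index (policy_data->adapter_id or btd_adapter_get_index(adapter)); pass policy_data->adapter_id here. In the same hunk, device_data_match_by_path() declares path but then compares against b, so use strcmp(data->path, path). The NULL check after g_new0() in add_device_data() can never trigger because g_new0() aborts on allocation failure; use g_try_new0() if that error path is meant to be reachable.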
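Review bot: the return value of g_dbus_client_new() in admin_policy_adapter_probe() is used without a NULL check, so a failure to create the client would go unnoticed and the devices queue would never be populated. Check dbus_client, report the failure through btd_error() with policy_data->adapter_id, and decide explicitly whether the probe should fail in that case.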
Date:
Thu, 22 Jul 2021 15:23:19 +0800 In-Reply-To: <20210722072321.1225119-1-howardchung@google.com> Message-Id: <20210722152159.Bluez.v2.9.I570c860f59c8ed66ddb31aa54584ee08080aa10c@changeid> Mime-Version: 1.0 References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [Bluez PATCH v2 09/11] plugins/admin_policy: add AffectedByPolicy property From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds property to indicate if a device has any service that is being blocked by admin policy. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowList to [] 2. Verify AffectedByPolicy of K830 is False 3. Set ServiceAllowList to ["1800"] 4. Verify AffectedByPolicy of K830 is False 5. Set ServiceAllowList to ["1800","1801","180A","180F","1812"] 6. Verify AffectedByPolicy of K830 is True (no changes since v1) plugins/admin_policy.c | 74 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 72 insertions(+), 2 deletions(-) diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c index 73d695ef976b..3ce72b56b529 100644 --- a/plugins/admin_policy.c +++ b/plugins/admin_policy.c @@ -47,6 +47,7 @@ static struct btd_admin_policy { struct device_data { struct btd_device *device; char *path; + bool affected; }; static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) 
@@ -140,6 +141,27 @@ static bool service_allowlist_set(struct btd_admin_policy *admin_policy, return true; } +static void update_device_affected(void *data, void *user_data) +{ + struct device_data *dev_data = data; + bool affected; + + if (!dev_data) { + error("Unexpected NULL device_data when updating device"); + return; + } + + affected = !btd_device_all_services_allowed(dev_data->device); + + if (affected == dev_data->affected) + return; + + dev_data->affected = affected; + + g_dbus_emit_property_changed(dbus_conn, dev_data->path, + ADMIN_POLICY_STATUS_INTERFACE, "AffectedByPolicy"); +} + static DBusMessage *set_service_allowlist(DBusConnection *conn, DBusMessage *msg, void *user_data) { @@ -168,6 +190,8 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, ADMIN_POLICY_STATUS_INTERFACE, "ServiceAllowList"); + queue_foreach(devices, update_device_affected, NULL); + return dbus_message_new_method_return(msg); } @@ -240,6 +264,29 @@ static bool device_data_match_by_path(const void *a, const void *b) return strcmp(data->path, b) == 0; } +static gboolean property_get_affected_by_policy( + const GDBusPropertyTable *property, + DBusMessageIter *iter, void *user_data) +{ + struct device_data *data = user_data; + dbus_bool_t affected; + + if (!data) { + error("Unexpected error: device_data is NULL"); + return FALSE; + } + + dbus_message_iter_append_basic(iter, DBUS_TYPE_BOOLEAN, + &data->affected); + + return TRUE; +} + +static const GDBusPropertyTable admin_policy_device_properties[] = { + { "AffectedByPolicy", "b", property_get_affected_by_policy }, + { } +}; + static void free_device_data(void *data) { struct device_data *device_data = data; 
@@ -275,11 +322,33 @@ static void add_device_data(struct btd_device *device) data->device = device; data->path = g_strdup(device_get_path(device)); + data->affected = !btd_device_all_services_allowed(data->device); + + if (!g_dbus_register_interface(dbus_conn, data->path, + ADMIN_POLICY_STATUS_INTERFACE, + NULL, NULL, + admin_policy_device_properties, + data, remove_device_data)) { + btd_error(btd_adapter_get_index(adapter), + "Admin Policy Status interface init failed on path %s", + device_get_path(device)); + free_device_data(data); + return; + } + queue_push_tail(devices, data); DBG("device_data for %s added", data->path); } +static void unregister_device_data(void *data, void *user_data) +{ + struct device_data *dev_data = data; + + g_dbus_unregister_interface(dbus_conn, dev_data->path, + ADMIN_POLICY_STATUS_INTERFACE); +} + static struct btd_device *find_device_by_proxy(GDBusProxy *proxy) { const char *path = g_dbus_proxy_get_path(proxy); @@ -323,7 +392,7 @@ static void object_removed_cb(GDBusProxy *proxy, void *user_data) data = queue_find(devices, device_data_match_by_path, path); if (data) - remove_device_data(data); + unregister_device_data(data, NULL); } static int admin_policy_adapter_probe(struct btd_adapter *adapter) 
@@ -402,7 +471,8 @@ static void admin_policy_exit(void) DBG(""); btd_unregister_adapter_driver(&admin_policy_driver); - queue_destroy(devices, free_device_data); + queue_foreach(devices, unregister_device_data, NULL); + queue_destroy(devices, g_free); if (policy_data) admin_policy_free(policy_data);
From patchwork Thu Jul 22 07:23:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12393299
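Review bot: property_get_affected_by_policy() passes &data->affected, a C bool field of struct device_data, to dbus_message_iter_append_basic() with DBUS_TYPE_BOOLEAN, which reads a full dbus_bool_t (32 bits) from that address and so picks up whatever follows the field in the struct. The local dbus_bool_t affected is declared for this purpose but never used. Assign affected = data->affected and pass &affected to the append call.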
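Review bot: in admin_policy_exit(), queue_destroy(devices, g_free) releases only the struct, so any entry still in the queue at that point leaks data->path. The cleanup now depends on unregister_device_data() causing the interface destroy callback (remove_device_data, passed to g_dbus_register_interface() in add_device_data()) to run for every entry and empty the queue during queue_foreach(). Please keep free_device_data as the destroy function here, or add a comment that the queue is expected to be empty and that ownership of device_data has moved to the registered interface.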
Date: Thu, 22 Jul 2021 15:23:20 +0800 In-Reply-To: <20210722072321.1225119-1-howardchung@google.com> Message-Id: <20210722152159.Bluez.v2.10.Ib26c0abdbd417673a8b5788c175c06110726a68c@changeid> Mime-Version: 1.0
References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [Bluez PATCH v2 10/11] plugins/admin_policy: persist policy settings From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds code to store the ServiceAllowlist to file /var/lib/bluetooth/{MAC_ADDR}/admin_policy The stored settings will be loaded upon admin_policy initialized. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowlist to ["1124","180A","180F","1812", "1801"] 2. restart bluetoothd 3. Verify ServiceAllowlist is ["1124","180A","180F","1812","1801"] in UUID-128 form 4. Set ServiceAllowlist to [] 5. restart bluetoothd 6. Verify ServiceAllowlist is [] (no changes since v1) plugins/admin_policy.c | 163 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 162 insertions(+), 1 deletion(-) diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c index 3ce72b56b529..3a55d97b3b4d 100644 --- a/plugins/admin_policy.c +++ b/plugins/admin_policy.c @@ -14,6 +14,8 @@ #include #include +#include +#include #include "lib/bluetooth.h" #include "lib/uuid.h" @@ -24,11 +26,13 @@ #include "src/error.h" #include "src/log.h" #include "src/plugin.h" +#include "src/textfile.h" #include "src/shared/queue.h" #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" #define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" +#define ADMIN_POLICY_STORAGE STORAGEDIR "/admin_policy_settings" #define DBUS_BLUEZ_SERVICE "org.bluez" #define BTD_DEVICE_INTERFACE "org.bluez.Device1" 
@@ -162,6 +166,8 @@ static void update_device_affected(void *data, void *user_data) ADMIN_POLICY_STATUS_INTERFACE, "AffectedByPolicy"); } +static void store_policy_settings(struct btd_admin_policy *admin_policy); + static DBusMessage *set_service_allowlist(DBusConnection *conn, DBusMessage *msg, void *user_data) { @@ -180,7 +186,9 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, return btd_error_invalid_args(msg); } - if (!service_allowlist_set(admin_policy, uuid_list)) { + if (service_allowlist_set(admin_policy, uuid_list)) { + store_policy_settings(admin_policy); + } else { free_service_allowlist(uuid_list); return btd_error_failed(msg, "service_allowlist_set failed"); } 
@@ -238,6 +246,158 @@ static const GDBusPropertyTable admin_policy_adapter_properties[] = { { } }; +static void free_uuid_strings(char **uuid_strs, int num) +{ + gsize i; + + for (i = 0; i < num; i++) + g_free(uuid_strs[i]); + g_free(uuid_strs); +} + +static char **new_uuid_strings(struct queue *allowlist, gsize *num) +{ + const struct queue_entry *entry = NULL; + bt_uuid_t *uuid = NULL; + char **uuid_strs = NULL; + gsize i = 0, allowlist_num; + + allowlist_num = queue_length(allowlist); + uuid_strs = g_try_malloc_n(allowlist_num, sizeof(char *)); + if (!uuid_strs) + return NULL; + + for (entry = queue_get_entries(allowlist); entry != NULL; + entry = entry->next) { + uuid = entry->data; + uuid_strs[i] = g_try_malloc0(MAX_LEN_UUID_STR * sizeof(char)); + + if (!uuid_strs[i]) + goto failed; + + bt_uuid_to_string(uuid, uuid_strs[i], MAX_LEN_UUID_STR); + i++; + } + + *num = allowlist_num; + return uuid_strs; + +failed: + free_uuid_strings(uuid_strs, i); + + return NULL; +} + +static void store_policy_settings(struct btd_admin_policy *admin_policy) +{ + GKeyFile *key_file = NULL; + char *filename = ADMIN_POLICY_STORAGE; + char *key_file_data = NULL; + char **uuid_strs = NULL; + gsize length, num_uuids; + + key_file = g_key_file_new(); + + if (num_uuids) { + uuid_strs = new_uuid_strings(admin_policy->service_allowlist, + &num_uuids); + } + + if (!uuid_strs && num_uuids) { + btd_error(admin_policy->adapter_id, + "Failed to allocate uuid strings"); + goto failed; + } + + g_key_file_set_string_list(key_file, "General", "ServiceAllowlist", + (const gchar * const *)uuid_strs, + num_uuids); + + if (create_file(ADMIN_POLICY_STORAGE, 0600) < 0) { + btd_error(admin_policy->adapter_id, "create %s failed, %s", + filename, strerror(errno)); + goto failed; + } + + key_file_data = g_key_file_to_data(key_file, &length, NULL); + g_file_set_contents(ADMIN_POLICY_STORAGE, key_file_data, length, NULL); + + g_free(key_file_data); + free_uuid_strings(uuid_strs, num_uuids); + +failed: + 
g_key_file_free(key_file); +} + +static void key_file_load_service_allowlist(GKeyFile *key_file, + struct btd_admin_policy *admin_policy) +{ + GError *gerr = NULL; + struct queue *uuid_list = NULL; + gchar **uuids = NULL; + gsize num, i; + + uuids = g_key_file_get_string_list(key_file, "General", + "ServiceAllowlist", &num, &gerr); + + if (gerr) { + btd_error(admin_policy->adapter_id, + "Failed to load ServiceAllowlist"); + g_error_free(gerr); + return; + } + + uuid_list = queue_new(); + for (i = 0; i < num; i++) { + bt_uuid_t *uuid = g_try_malloc(sizeof(*uuid)); + + if (!uuid) + goto failed; + + if (bt_string_to_uuid(uuid, *uuids)) { + + btd_error(admin_policy->adapter_id, + "Failed to convert '%s' to uuid struct", + *uuids); + + g_free(uuid); + goto failed; + } + + queue_push_tail(uuid_list, uuid); + uuids++; + } + + if (!service_allowlist_set(admin_policy, uuid_list)) + goto failed; + + return; +failed: + free_service_allowlist(uuid_list); +} + +static void load_policy_settings(struct btd_admin_policy *admin_policy) +{ + GKeyFile *key_file; + char *filename = ADMIN_POLICY_STORAGE; + struct stat st; + + if (stat(filename, &st) < 0) { + btd_error(admin_policy->adapter_id, + "Failed to get file %s information", + filename); + return; + } + + key_file = g_key_file_new(); + + g_key_file_load_from_file(key_file, filename, 0, NULL); + + key_file_load_service_allowlist(key_file, admin_policy); + + g_key_file_free(key_file); +} + static bool device_data_match(const void *a, const void *b) { const struct device_data *data = a; 
@@ -410,6 +570,7 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) if (!policy_data) return -ENOMEM; + load_policy_settings(policy_data); adapter_path = adapter_get_path(adapter); if (!g_dbus_register_interface(dbus_conn, adapter_path,
From patchwork Thu Jul 22 07:23:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12393303
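Review bot: ADMIN_POLICY_STORAGE is defined as STORAGEDIR "/admin_policy_settings", a single file for the whole daemon, while the commit message of the persistence patch describes /var/lib/bluetooth/{MAC_ADDR}/admin_policy. Please make the two agree: if the policy is meant to be per adapter, build the path from the adapter address; otherwise correct the commit message.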
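Review bot: set_service_allowlist() replies with success whether or not the allowlist reached disk, because store_policy_settings() returns void and ignores the result of g_file_set_contents(). An allowlist that was applied but not persisted is gone after the next bluetoothd restart, and the documented default (an empty list) allows every service, so the failure mode is a silently lifted policy. Let store_policy_settings() return a status, log the GError, and either return btd_error_failed() to the caller or document that persistence is best effort.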
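Review bot: store_policy_settings() tests num_uuids in "if (num_uuids)" before anything has assigned it, so whether the allowlist is serialized depends on an uninitialized value; initialize it with queue_length(admin_policy->service_allowlist) or call new_uuid_strings() unconditionally and handle the empty case there. In the same hunk, the create_file() failure path jumps to failed: and skips free_uuid_strings(), leaking uuid_strs. In key_file_load_service_allowlist() the uuids pointer returned by g_key_file_get_string_list() is advanced with uuids++ and never released, so index it as uuids[i] and call g_strfreev() on every exit path. load_policy_settings() also ignores the return value of g_key_file_load_from_file() and logs an error when the file is simply absent, which will be the normal case on first start.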
Date: Thu, 22 Jul 2021 15:23:21 +0800 In-Reply-To: <20210722072321.1225119-1-howardchung@google.com> Message-Id: <20210722152159.Bluez.v2.11.I433ab6a7ac1d4f8f8dea496ac14bdbf3597015d3@changeid> Mime-Version: 1.0 References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [Bluez
PATCH v2 11/11] doc: add description of admin policy From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds admin-policy-api.txt. Reviewed-by: Miao-chen Chou --- (no changes since v1) doc/admin-policy-api.txt | 65 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 doc/admin-policy-api.txt diff --git a/doc/admin-policy-api.txt b/doc/admin-policy-api.txt new file mode 100644 index 000000000000..3f116901dbd7 --- /dev/null +++ b/doc/admin-policy-api.txt
@@ -0,0 +1,65 @@ +BlueZ D-Bus Admin Policy API description +*********************************** + +This API provides methods to control the behavior of bluez as an administrator. + +Interface AdminPolicySet1 provides methods to set policies. Once the policy is +set successfully, it will affect all clients and stay persistently even after +restarting Bluetooth Daemon. The only way to clear it is to overwrite the +policy with the same method. + +Interface AdminPolicyStatus1 provides readonly properties to indicate the +current values of admin policy. + + +Admin Policy Set hierarchy +================= + +Service org.bluez +Interface org.bluez.AdminPolicySet1 +Object path [variable prefix]/{hci0,hci1,...} + +Methods void SetServiceAllowList(array{string} UUIDs) + + This method sets the service allowlist by specifying + service UUIDs. + + When SetServiceAllowList is called, bluez will block + incoming and outgoing connections to the service not in + UUIDs for all of the clients. + + Any subsequent calls to this method will supersede any + previously set allowlist values. Calling this method + with an empty array will allow any service UUIDs to be + used. + + The default value is an empty array. + + Possible errors: org.bluez.Error.InvalidArguments + org.bluez.Error.Failed + + +Admin Policy Status hierarchy +================= + +Service org.bluez +Interface org.bluez.AdminPolicyStatus1 +Object path [variable prefix]/{hci0,hci1,...} + +Properties array{string} ServiceAllowList [readonly] + + Current value of service allow list. + + + +Admin Policy Status hierarchy +================= + +Service org.bluez +Interface org.bluez.AdminPolicyStatus1 +Object path [variable prefix]/{hci0,hci1,...}/dev_XX_XX_XX_XX_XX_XX + +Properties bool IsAffectedByPolicy [readonly] + + Indicate if there is any auto-connect profile in this + device is not allowed by admin policy.
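Review bot: the device-level property is documented as IsAffectedByPolicy, but patch 09/11 registers it as "AffectedByPolicy" in admin_policy_device_properties, so a client written from this document would query a property that does not exist; use the same name in both places. The third section also repeats the heading "Admin Policy Status hierarchy" used for the adapter object; give the dev_XX_XX_XX_XX_XX_XX section its own title so the two object paths are not confused. Finally, the description speaks of an "auto-connect profile" not being allowed, while the value is computed from btd_device_all_services_allowed(); the wording should say which services are considered.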