From patchwork Tue Aug 3 11:43:05 2021
X-Patchwork-Submitter: Howard Chung
X-Patchwork-Id: 12416045
X-Patchwork-Delegate: luiz.dentz@gmail.com
Date: Tue, 3 Aug 2021 19:43:05 +0800
In-Reply-To: <20210803114317.801840-1-howardchung@google.com>
Message-Id: <20210803194127.Bluez.v9.1.Ic71b1ed97538a06d02425ba502690bdab1c5d836@changeid>
References: <20210803114317.801840-1-howardchung@google.com>
Subject: [Bluez PATCH v9 01/13] core: add is_allowed property in btd_service
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Yun-Hao Chung

This adds is_allowed property in btd_service. When is_allowed is set to
false, calling btd_service_connect and service_accept will fail and the
existing service connection gets disconnected.

Reviewed-by: Miao-chen Chou
---
Changes in v9:
- Fix gitlint error in patch 'core: add device callbacks to adapter driver'

Changes in v8:
- Remove changes in profiles/health/

Changes in v7:
- Fix compiler errors in profiles/hdp.c

Changes in v6:
- include instead of in plugins/admin.c

Changes in v5:
- Fix compiler errors in plugins/admin.c

Changes in v4:
- Update commit message (admin_policy -> admin)
- remove old plugins/admin_policy.c

Changes in v3:
- Rename plugins/admin_policy.c -> plugins/admin.c
- Use device_added callback in btd_adapter_driver instead of listen for dbus
- Add authorization method in profiles/health/mcap.c and block incoming connections in adapter authorization function.

Changes in v2:
- Move bt_uuid_hash and bt_uuid_equal functions to adapter.c.
- Modify the criteria to say a device is `Affected` from any-of-uuid to any-of-auto-connect-profile.
- Remove the code to remove/reprobe disallowed/allowed profiles, instead, check if the service is allowed in bt_io_accept connect_cb.
- Fix a typo in emit_property_change in plugin/admin_policy.c:set_service_allowlist
- Instead of using device_state_cb, utilize D-BUS client to watch device added/removed.
- Add a document in doc/

 src/service.c | 33 +++++++++++++++++++++++++++++++++
 src/service.h | 2 ++
 2 files changed, 35 insertions(+)

diff --git a/src/service.c b/src/service.c index 21a52762e637..84fbb208a7e9 100644 --- a/src/service.c +++ b/src/service.c @@ -41,6 +41,7 @@ struct btd_service { void *user_data; btd_service_state_t state; int err; + bool is_allowed; }; struct service_state_callback {
@@ -133,6 +134,7 @@ struct btd_service *service_create(struct btd_device *device, service->device = device; /* Weak ref */ service->profile = profile; service->state = BTD_SERVICE_STATE_UNAVAILABLE; + service->is_allowed = true; return service; } @@ -186,6 +188,12 @@ int service_accept(struct btd_service *service) if (!service->profile->accept) return -ENOSYS; + if (!service->is_allowed) { + info("service %s is not allowed", + service->profile->remote_uuid); + return -ECONNABORTED; + } + err = service->profile->accept(service); if (!err) goto done; @@ -245,6 +253,12 @@ int btd_service_connect(struct btd_service *service) return -EBUSY; } + if (!service->is_allowed) { + info("service %s is not allowed", + service->profile->remote_uuid); + return -ECONNABORTED; + } + err = profile->connect(service); if (err == 0) { change_state(service, BTD_SERVICE_STATE_CONNECTING, 0); @@ -361,6 +375,25 @@ bool btd_service_remove_state_cb(unsigned int id) return false; } +void btd_service_set_allowed(struct btd_service *service, bool allowed) +{ + if (allowed == service->is_allowed) + return; + + service->is_allowed = allowed; + + if (!allowed && (service->state == BTD_SERVICE_STATE_CONNECTING || + service->state == BTD_SERVICE_STATE_CONNECTED)) { + btd_service_disconnect(service); + return; + } +} + +bool btd_service_is_allowed(struct btd_service *service) +{ + return service->is_allowed; +} + void btd_service_connecting_complete(struct btd_service *service, int err) { if (service->state != BTD_SERVICE_STATE_DISCONNECTED && diff --git a/src/service.h b/src/service.h index 88530cc17d53..5a2a02447b24 100644 --- a/src/service.h +++ b/src/service.h 
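Review bot: btd_service_set_allowed() in the last src/service.c hunk discards the result of btd_service_disconnect(), so when a connected service is switched to not allowed and the disconnect does not go through, the service stays up with is_allowed false and nothing is logged; log the failure at least. The `return;` after the disconnect call is the last statement of the function and can be dropped, and btd_service_is_allowed() only reads the service, so it can take a const struct btd_service * like btd_service_get_error() in src/service.h.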
@@ -51,6 +51,8 @@ int btd_service_get_error(const struct btd_service *service); unsigned int btd_service_add_state_cb(btd_service_state_cb cb, void *user_data); bool btd_service_remove_state_cb(unsigned int id); +void btd_service_set_allowed(struct btd_service *service, bool allowed); +bool btd_service_is_allowed(struct btd_service *service); /* Functions used by profile implementation */ void btd_service_connecting_complete(struct btd_service *service, int err);

From patchwork Tue Aug 3 11:43:06 2021
X-Patchwork-Submitter: Howard Chung
X-Patchwork-Id: 12416049
X-Patchwork-Delegate: luiz.dentz@gmail.com
Date: Tue, 3 Aug 2021 19:43:06 +0800
In-Reply-To: <20210803114317.801840-1-howardchung@google.com>
Message-Id: <20210803194127.Bluez.v9.2.Iee308dd18bfdfd3dae9e343e78b3942ee462314f@changeid>
References: <20210803114317.801840-1-howardchung@google.com>
Subject: [Bluez PATCH v9 02/13] core: add device callbacks to adapter driver
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Yun-Hao Chung

This adds the following callbacks to btd_adapter_driver.

device_added: called when a device is added to the adapter
device_removed: called when a device is removed from the adapter
device_resolved: called when all services of the device have been
resolved.
---
Changes in v9:
- Fix gitlint error

Changes in v8:
- Add device_resolved.
- Remove space before function pointer arguments.

 src/adapter.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++----
 src/adapter.h | 14 +++++++---
 src/device.c | 2 ++
 3 files changed, 82 insertions(+), 8 deletions(-)

diff --git a/src/adapter.c b/src/adapter.c index 663b778e4a5d..5a20f4c6239e 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -1216,6 +1216,9 @@ void adapter_service_remove(struct btd_adapter *adapter, uint32_t handle) remove_record_from_server(rec->handle); } +static void adapter_add_device(struct btd_adapter *adapter, + struct btd_device *device); + static struct btd_device *adapter_create_device(struct btd_adapter *adapter, const bdaddr_t *bdaddr, uint8_t bdaddr_type) @@ -1226,8 +1229,7 @@ static struct btd_device *adapter_create_device(struct btd_adapter *adapter, if (!device) return NULL; - adapter->devices = g_slist_append(adapter->devices, device); - + adapter_add_device(adapter, device); return device; }
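Review bot: the forward declaration of adapter_add_device() in the @@ -1216 hunk is only needed because the definition is placed much further down in src/adapter.c; defining adapter_add_device() and the driver dispatch helper it calls above adapter_create_device() avoids the prototype. The @@ -1226 hunk also removes the blank line that separated the list update from `return device;`, which is worth keeping.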
@@ -1254,6 +1256,9 @@ static void service_auth_cancel(struct service_auth *auth) g_free(auth); } +static void adapter_remove_device(struct btd_adapter *adapter, + struct btd_device *device); + void btd_adapter_remove_device(struct btd_adapter *adapter, struct btd_device *dev) { @@ -1261,7 +1266,7 @@ void btd_adapter_remove_device(struct btd_adapter *adapter, adapter->connect_list = g_slist_remove(adapter->connect_list, dev); - adapter->devices = g_slist_remove(adapter->devices, dev); + adapter_remove_device(adapter, dev); btd_adv_monitor_device_remove(adapter->adv_monitor_manager, dev); adapter->discovery_found = g_slist_remove(adapter->discovery_found, @@ -4222,6 +4227,7 @@ static void probe_devices(void *user_data) struct btd_device *device = user_data; device_probe_profiles(device, btd_device_get_uuids(device)); + device_resolved_drivers(device_get_adapter(device), device); } static bool load_bredr_defaults(struct btd_adapter *adapter, @@ -4576,7 +4582,7 @@ static void load_devices(struct btd_adapter *adapter) goto free; btd_device_set_temporary(device, false); - adapter->devices = g_slist_append(adapter->devices, device); + adapter_add_device(adapter, device); /* TODO: register services from pre-loaded list of primaries */ 
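Review bot: in the @@ -4222 hunk probe_devices() now calls device_resolved_drivers() right after device_probe_profiles(), while the commit message defines device_resolved as "called when all services of the device have been resolved". If probe_devices() runs for devices that were loaded rather than freshly discovered, drivers get device_resolved without a service discovery having completed. Add a comment next to the callback in struct btd_adapter_driver that names both call sites, so a driver author knows the callback can fire in either situation.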
@@ -4738,6 +4744,62 @@ void adapter_remove_profile(struct btd_adapter *adapter, gpointer p) profile->adapter_remove(profile, adapter); } +static void device_added_drivers(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct btd_adapter_driver *driver; + GSList *l; + + for (l = adapter_drivers; l; l = l->next) { + driver = l->data; + + if (driver->device_added) + driver->device_added(adapter, device); + } +} + +static void device_removed_drivers(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct btd_adapter_driver *driver; + GSList *l; + + for (l = adapter_drivers; l; l = l->next) { + driver = l->data; + + if (driver->device_removed) + driver->device_removed(adapter, device); + } +} + +void device_resolved_drivers(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct btd_adapter_driver *driver; + GSList *l; + + for (l = adapter_drivers; l; l = l->next) { + driver = l->data; + + if (driver->device_resolved) + driver->device_resolved(adapter, device); + } +} + +static void adapter_add_device(struct btd_adapter *adapter, + struct btd_device *device) +{ + adapter->devices = g_slist_append(adapter->devices, device); + device_added_drivers(adapter, device); +} + +static void adapter_remove_device(struct btd_adapter *adapter, + struct btd_device *device) +{ + adapter->devices = g_slist_remove(adapter->devices, device); + device_removed_drivers(adapter, device); +} + static void adapter_add_connection(struct btd_adapter *adapter, struct btd_device *device, uint8_t bdaddr_type) @@ -6355,8 +6417,10 @@ static void adapter_remove(struct btd_adapter *adapter) g_slist_free(adapter->connect_list); adapter->connect_list = NULL; - for (l = adapter->devices; l; l = l->next) + for (l = adapter->devices; l; l = l->next) { + device_removed_drivers(adapter, l->data); device_remove(l->data, FALSE); + } g_slist_free(adapter->devices); adapter->devices = NULL; 
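Review bot: the three dispatch loops added in the @@ -4738 hunk walk the global adapter_drivers list, so every registered driver is called for the devices of every adapter. If a driver can be registered without having been probed successfully on a given adapter, its device_added, device_removed and device_resolved callbacks still fire for that adapter. Either dispatch only to the drivers probed on this adapter or state in struct btd_adapter_driver that the callbacks arrive for all adapters. The loops differ only in the callback they invoke, and device_resolved_drivers() is the only one exported, without the btd_ prefix the other public adapter functions in this series carry.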
diff --git a/src/adapter.h b/src/adapter.h index 60b5e3bcca34..3d69aeda14fb 100644 --- a/src/adapter.h +++ b/src/adapter.h @@ -105,11 +105,19 @@ void btd_adapter_set_class(struct btd_adapter *adapter, uint8_t major, struct btd_adapter_driver { const char *name; - int (*probe) (struct btd_adapter *adapter); - void (*remove) (struct btd_adapter *adapter); - void (*resume) (struct btd_adapter *adapter); + int (*probe)(struct btd_adapter *adapter); + void (*remove)(struct btd_adapter *adapter); + void (*resume)(struct btd_adapter *adapter); + void (*device_added)(struct btd_adapter *adapter, + struct btd_device *device); + void (*device_removed)(struct btd_adapter *adapter, + struct btd_device *device); + void (*device_resolved)(struct btd_adapter *adapter, + struct btd_device *device); }; +void device_resolved_drivers(struct btd_adapter *adapter, + struct btd_device *device); typedef void (*service_auth_cb) (DBusError *derr, void *user_data); void adapter_add_profile(struct btd_adapter *adapter, gpointer p); diff --git a/src/device.c b/src/device.c index b29aa195d19b..49dd57166532 100644 --- a/src/device.c +++ b/src/device.c 
@@ -2633,6 +2633,8 @@ static void device_svc_resolved(struct btd_device *dev, uint8_t browse_type, dev->svc_callbacks); g_free(cb); } + + device_resolved_drivers(dev->adapter, dev); } static struct bonding_req *bonding_request_new(DBusMessage *msg,

From patchwork Tue Aug 3 11:43:07 2021
X-Patchwork-Submitter: Howard Chung
X-Patchwork-Id: 12416051
X-Patchwork-Delegate: luiz.dentz@gmail.com
Date: Tue, 3 Aug 2021 19:43:07 +0800
In-Reply-To: <20210803114317.801840-1-howardchung@google.com>
Message-Id: <20210803194127.Bluez.v9.3.Ibc0b5f02cb249f9aca9efe45e2dadc5e50b7d89e@changeid>
References: <20210803114317.801840-1-howardchung@google.com>
Subject: [Bluez PATCH v9 03/13] core: add adapter and device allowed_uuid functions
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Yun-Hao Chung

This implements functions in src/adapter.c and src/device.c for
plugins setting a list of allowed services.

Reviewed-by: Miao-chen Chou
---
(no changes since v1)

 src/adapter.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/adapter.h | 8 +++++
 src/device.c | 63 +++++++++++++++++++++++++++++++++++-
 src/device.h | 2 ++
 4 files changed, 162 insertions(+), 1 deletion(-)

diff --git a/src/adapter.c b/src/adapter.c index 5a20f4c6239e..0ca4b4f6ff56 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -260,6 +260,8 @@ struct btd_adapter { struct btd_battery_provider_manager *battery_provider_manager; + GHashTable *allowed_uuid_set; /* Set of allowed service UUIDs */ + gboolean initialized; GSList *pin_callbacks;
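Review bot: the comment on allowed_uuid_set in struct btd_adapter does not say who owns the keys or what an unset or empty set means. Later in this patch add_uuid_to_uuid_set() inserts the caller's bt_uuid_t pointers with g_hash_table_add() into a table created by g_hash_table_new(), which has no key destroy function, so the set only borrows the entries of the queue passed to btd_adapter_set_allowed_uuids() and is left dangling if the caller frees them. Either copy each UUID into the set and create it with g_hash_table_new_full() and a key free function, or document that the queue must outlive the set. The comment should also record that NULL and empty both mean every UUID is allowed, which is how btd_adapter_is_uuid_allowed() treats them.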
@@ -3494,6 +3496,93 @@ static DBusMessage *connect_device(DBusConnection *conn, return NULL; } +static void update_device_allowed_services(void *data, void *user_data) +{ + struct btd_device *device = data; + + btd_device_update_allowed_services(device); +} + +static void add_uuid_to_uuid_set(void *data, void *user_data) +{ + bt_uuid_t *uuid = data; + GHashTable *uuid_set = user_data; + + if (!uuid) { + error("Found NULL in UUID allowed list"); + return; + } + + g_hash_table_add(uuid_set, uuid); +} + +static guint bt_uuid_hash(gconstpointer key) +{ + const bt_uuid_t *uuid = key; + bt_uuid_t uuid_128; + uint64_t *val; + + if (!uuid) + return 0; + + bt_uuid_to_uuid128(uuid, &uuid_128); + val = (uint64_t *)&uuid_128.value.u128; + + return g_int64_hash(val) ^ g_int64_hash(val+1); +} + +static gboolean bt_uuid_equal(gconstpointer v1, gconstpointer v2) +{ + const bt_uuid_t *uuid1 = v1; + const bt_uuid_t *uuid2 = v2; + + if (!uuid1 || !uuid2) + return !uuid1 && !uuid2; + + return bt_uuid_cmp(uuid1, uuid2) == 0; +} + +bool btd_adapter_set_allowed_uuids(struct btd_adapter *adapter, + struct queue *uuids) +{ + if (!adapter) + return false; + + if (adapter->allowed_uuid_set) + g_hash_table_destroy(adapter->allowed_uuid_set); + + adapter->allowed_uuid_set = g_hash_table_new(bt_uuid_hash, + bt_uuid_equal); + if (!adapter->allowed_uuid_set) { + btd_error(adapter->dev_id, + "Failed to allocate allowed_uuid_set"); + return false; + } + + queue_foreach(uuids, add_uuid_to_uuid_set, adapter->allowed_uuid_set); + g_slist_foreach(adapter->devices, update_device_allowed_services, NULL); + + return true; +} + +bool btd_adapter_is_uuid_allowed(struct btd_adapter *adapter, + const char *uuid_str) +{ + bt_uuid_t uuid; + + if (!adapter || !adapter->allowed_uuid_set) + return true; + + if (bt_string_to_uuid(&uuid, uuid_str)) { + btd_error(adapter->dev_id, + "Failed to parse UUID string '%s'", uuid_str); + return false; + } + + return !g_hash_table_size(adapter->allowed_uuid_set) || + 
g_hash_table_contains(adapter->allowed_uuid_set, &uuid); +} + static const GDBusMethodTable adapter_methods[] = { { GDBUS_ASYNC_METHOD("StartDiscovery", NULL, NULL, start_discovery) }, { GDBUS_METHOD("SetDiscoveryFilter", @@ -5466,6 +5555,7 @@ static void adapter_free(gpointer user_data) g_free(adapter->stored_alias); g_free(adapter->current_alias); free(adapter->modalias); + g_hash_table_destroy(adapter->allowed_uuid_set); g_free(adapter); } diff --git a/src/adapter.h b/src/adapter.h index 3d69aeda14fb..35fa9fc5fd1f 100644 --- a/src/adapter.h +++ b/src/adapter.h @@ -25,6 +25,7 @@ struct btd_adapter; struct btd_device; +struct queue; struct btd_adapter *btd_adapter_get_default(void); bool btd_adapter_is_default(struct btd_adapter *adapter); @@ -97,6 +98,8 @@ void adapter_service_remove(struct btd_adapter *adapter, uint32_t handle); struct agent *adapter_get_agent(struct btd_adapter *adapter); +bool btd_adapter_uuid_is_allowed(struct btd_adapter *adapter, const char *uuid); + struct btd_adapter *btd_adapter_ref(struct btd_adapter *adapter); void btd_adapter_unref(struct btd_adapter *adapter); @@ -248,3 +251,8 @@ enum kernel_features { }; bool btd_has_kernel_features(uint32_t feature); + +bool btd_adapter_set_allowed_uuids(struct btd_adapter *adapter, + struct queue *uuids); +bool btd_adapter_is_uuid_allowed(struct btd_adapter *adapter, + const char *uuid_str); diff --git a/src/device.c b/src/device.c index 49dd57166532..8071068123f2 100644 --- a/src/device.c +++ b/src/device.c 
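Review bot: adapter_free() in the @@ -5466 hunk of src/adapter.c calls g_hash_table_destroy(adapter->allowed_uuid_set) unconditionally, but the set is only created in btd_adapter_set_allowed_uuids() and btd_adapter_is_uuid_allowed() explicitly handles it being NULL, so an adapter that never had a list set passes NULL and GLib logs a critical assertion; guard the call with a NULL check. In src/adapter.h the @@ -97 hunk declares btd_adapter_uuid_is_allowed(), which nothing in this patch defines. The function added is btd_adapter_is_uuid_allowed(), declared at the end of the header, so the first prototype should be dropped.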
@@ -1929,6 +1929,56 @@ static int service_prio_cmp(gconstpointer a, gconstpointer b) return p2->priority - p1->priority; } +bool btd_device_all_services_allowed(struct btd_device *dev) +{ + GSList *l; + struct btd_adapter *adapter = dev->adapter; + struct btd_service *service; + struct btd_profile *profile; + + for (l = dev->services; l != NULL; l = g_slist_next(l)) { + service = l->data; + profile = btd_service_get_profile(service); + + if (!profile || !profile->auto_connect) + continue; + + if (!btd_adapter_is_uuid_allowed(adapter, profile->remote_uuid)) + return false; + } + + return true; +} + +void btd_device_update_allowed_services(struct btd_device *dev) +{ + struct btd_adapter *adapter = dev->adapter; + struct btd_service *service; + struct btd_profile *profile; + GSList *l; + bool is_allowed; + char addr[18]; + + /* If service discovery is ongoing, let the service discovery complete + * callback call this function. + */ + if (dev->browse) { + ba2str(&dev->bdaddr, addr); + DBG("service discovery of %s is ongoing. Skip updating allowed " + "services", addr); + return; + } + + for (l = dev->services; l != NULL; l = g_slist_next(l)) { + service = l->data; + profile = btd_service_get_profile(service); + + is_allowed = btd_adapter_is_uuid_allowed(adapter, + profile->remote_uuid); + btd_service_set_allowed(service, is_allowed); + } +} + static GSList *create_pending_list(struct btd_device *dev, const char *uuid) { struct btd_service *service; @@ -1937,9 +1987,14 @@ static GSList *create_pending_list(struct btd_device *dev, const char *uuid) if (uuid) { service = find_connectable_service(dev, uuid); - if (service) + + if (!service) + return dev->pending; + + if (btd_service_is_allowed(service)) return g_slist_prepend(dev->pending, service); + info("service %s is blocked", uuid); return dev->pending; } 
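Review bot: btd_device_update_allowed_services() in the @@ -1929 hunk dereferences profile->remote_uuid without checking the result of btd_service_get_profile(), while btd_device_all_services_allowed() just above it skips services whose profile is NULL. Add the same `if (!profile) continue;` guard, or remove the check from the first function if a service can never lack a profile. The two functions also answer different questions: the first looks only at auto_connect profiles, the second applies the allow list to every service. A short comment on each declaration in src/device.h would make that difference visible to callers.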
@@ -1950,6 +2005,11 @@ static GSList *create_pending_list(struct btd_device *dev, const char *uuid) if (!p->auto_connect) continue; + if (!btd_service_is_allowed(service)) { + info("service %s is blocked", p->remote_uuid); + continue; + } + if (g_slist_find(dev->pending, service)) continue; @@ -2634,6 +2694,7 @@ static void device_svc_resolved(struct btd_device *dev, uint8_t browse_type, g_free(cb); } + btd_device_update_allowed_services(dev); device_resolved_drivers(dev->adapter, dev); } diff --git a/src/device.h b/src/device.h index 4ae9abe0dbb4..5f615cb4b6b2 100644 --- a/src/device.h +++ b/src/device.h 
@@ -175,5 +175,7 @@ uint32_t btd_device_get_current_flags(struct btd_device *dev); void btd_device_flags_changed(struct btd_device *dev, uint32_t supported_flags, uint32_t current_flags); +bool btd_device_all_services_allowed(struct btd_device *dev); +void btd_device_update_allowed_services(struct btd_device *dev); void btd_device_init(void); void btd_device_cleanup(void);

From patchwork Tue Aug 3 11:43:08 2021
X-Patchwork-Submitter: Howard Chung
X-Patchwork-Id: 12416079
X-Patchwork-Delegate: luiz.dentz@gmail.com
Date: Tue, 3 Aug 2021 19:43:08 +0800
In-Reply-To: <20210803114317.801840-1-howardchung@google.com>
Message-Id: <20210803194127.Bluez.v9.4.Ia4dc489979e4bf7ffa3421199b1b9fd8d7f00bbc@changeid>
References: <20210803114317.801840-1-howardchung@google.com>
Subject: [Bluez PATCH v9 04/13] core: block not allowed UUID connect in auth
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Yun-Hao Chung

This ensures any incoming profile connection will be blocked if its UUID
is not allowed by the following assumption:

1. Each system profile asks adapter authorization when seeing an incoming
   connection.
2. Each external profile checks if its UUID is allowed by adapter when
   seeing an incoming connection.
---
The following test steps were performed after enabling admin plugin:
1. Set ServiceAllowList to ["1234"].
2. Turn on a paired classic keyboard. Verify it can not be connected.
3. Set ServiceAllowList to ["1800","1801","180A","180F","1812"]
4. Turn off and turn on the keyboard. Verify it can be connected.

(no changes since v1)

 src/adapter.c | 5 +++++
 src/profile.c | 11 +++++++++++
 2 files changed, 16 insertions(+)

diff --git a/src/adapter.c b/src/adapter.c index 0ca4b4f6ff56..3c2008285fbd 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -7182,6 +7182,11 @@ static gboolean process_auth_queue(gpointer user_data) if (auth->svc_id > 0) return FALSE; + if (!btd_adapter_is_uuid_allowed(adapter, auth->uuid)) { + auth->cb(&err, auth->user_data); + goto next; + } + if (device_is_trusted(device) == TRUE) { auth->cb(NULL, auth->user_data); goto next; diff --git a/src/profile.c b/src/profile.c index 60d17b6ae657..e1bebf1ee19c 100644 --- a/src/profile.c +++ b/src/profile.c
@@ -1249,6 +1249,11 @@ static void ext_confirm(GIOChannel *io, gpointer user_data) DBG("incoming connect from %s", addr); + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) { + info("UUID %s is not allowed. Igoring the connection", uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return; @@ -1272,6 +1277,7 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) struct ext_profile *ext = server->ext; GError *gerr = NULL; struct ext_io *conn; + const char *uuid = ext->service ? ext->service : ext->uuid; bdaddr_t src, dst; bt_io_get(io, &gerr, 
@@ -1285,6 +1291,11 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) return; } + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) { + info("UUID %s is not allowed. Igoring the connection", uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return;
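Review bot: in the src/adapter.c hunk, the new `!btd_adapter_is_uuid_allowed(adapter, auth->uuid)` branch of process_auth_queue() rejects the request through `auth->cb(&err, auth->user_data)` without logging anything, while the profile.c hunks log the blocked UUID with info(). A policy denial on the system-profile path is then invisible to anyone diagnosing a failed connection or auditing the allowlist, so log the UUID here as well. Placing the check ahead of `device_is_trusted()` is right, since a trusted device must not bypass the allowlist; a one-line comment saying so would keep a later reorder from undoing it.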
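Review bot: in the src/profile.c hunks, ext_confirm() and ext_direct_connect() pass the result of `adapter_find(&src)` straight to btd_adapter_is_uuid_allowed() with no NULL check, so the policy decision depends on how that helper treats a missing adapter. Look the adapter up once, handle NULL explicitly and deny the connection in that case. The bare `return;` after info() also leaves it unclear from these lines who rejects or closes `io` for the refused connection, which deserves an explicit close or a comment. The log string has a typo in both places: "Igoring" should read "Ignoring".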

Date: Tue, 3 Aug 2021 19:43:09 +0800
Subject: [Bluez PATCH v9 05/13] plugins: new plugin
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou

From: Yun-Hao Chung

This adds the initial code for a new plugin, admin.

Reviewed-by: Miao-chen Chou
---

(no changes since v1)

 Makefile.plugins    |  5 +++++
 bootstrap-configure |  1 +
 configure.ac        |  4 ++++
 plugins/admin.c     | 30 ++++++++++++++++++++++++++++++
 4 files changed, 40 insertions(+)
 create mode 100644 plugins/admin.c

diff --git a/Makefile.plugins b/Makefile.plugins index 4e6a72b0bdf6..69fb01001cc6 100644 --- a/Makefile.plugins +++ b/Makefile.plugins @@ -11,6 +11,11 @@ builtin_sources += plugins/autopair.c builtin_modules += policy builtin_sources += plugins/policy.c +if ADMIN +builtin_modules += admin +builtin_sources += plugins/admin.c +endif + if NFC builtin_modules += neard builtin_sources += plugins/neard.c diff --git a/bootstrap-configure b/bootstrap-configure index 0efd83abc2c4..a34be832068e 100755 --- a/bootstrap-configure +++ b/bootstrap-configure @@ -30,4 +30,5 @@ fi --enable-pie \ --enable-cups \ --enable-library \ + --enable-admin \ --disable-datafiles $* diff --git a/configure.ac b/configure.ac index a5afaea6cfcd..0744860b89fb 100644 --- a/configure.ac +++ b/configure.ac @@ -364,6 +364,10 @@ AC_ARG_ENABLE(logger, AC_HELP_STRING([--enable-logger], [enable HCI logger service]), [enable_logger=${enableval}]) AM_CONDITIONAL(LOGGER, test "${enable_logger}" = "yes") +AC_ARG_ENABLE(admin, AC_HELP_STRING([--enable-admin], + [enable admin policy plugin]), [enable_admin=${enableval}]) +AM_CONDITIONAL(ADMIN, test "${enable_admin}" = "yes") + if (test "${prefix}" = "NONE"); then dnl no prefix and no localstatedir, so default to /var if (test "$localstatedir" = '${prefix}/var'); then 
diff --git a/plugins/admin.c b/plugins/admin.c new file mode 100644 index 000000000000..42866bcf7be2 --- /dev/null +++ b/plugins/admin.c 
@@ -0,0 +1,30 @@ +// SPDX-License-Identifier: LGPL-2.1-or-later +/* + * + * BlueZ - Bluetooth protocol stack for Linux + * + * Copyright (C) 2021 Google LLC + * + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "src/log.h" +#include "src/plugin.h" + +static int admin_init(void) +{ + DBG(""); +} + +static void admin_exit(void) +{ + DBG(""); +} + +BLUETOOTH_PLUGIN_DEFINE(admin, VERSION, + BLUETOOTH_PLUGIN_PRIORITY_DEFAULT, + admin_init, admin_exit)
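Review bot: in the new plugins/admin.c, admin_init() is declared `static int` but its body is only `DBG("");` and it never returns a value, so the caller of the plugin init hook reads an indeterminate result and the file warns under -Wreturn-type. Add `return 0;` so that this patch builds and behaves correctly on its own, which matters when bisecting the series.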

Date: Tue, 3 Aug 2021 19:43:10 +0800
Subject: [Bluez PATCH v9 06/13] plugins/admin: add admin_policy adapter driver
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou

From: Yun-Hao Chung

This adds code to register admin_policy driver to adapter when admin plugin is enabled.

The following test steps were performed:
1. Restart bluetoothd
2. Check if "Admin Policy is enabled" in system log

Reviewed-by: Miao-chen Chou
---

(no changes since v1)

 plugins/admin.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/plugins/admin.c b/plugins/admin.c index 42866bcf7be2..923e08cb836b 100644 --- a/plugins/admin.c +++ b/plugins/admin.c 
@@ -12,17 +12,84 @@ #include #endif +#include "lib/bluetooth.h" + +#include "src/adapter.h" +#include "src/error.h" #include "src/log.h" #include "src/plugin.h" +#include "src/shared/queue.h" + +/* |policy_data| has the same life cycle as btd_adapter */ +static struct btd_admin_policy { + struct btd_adapter *adapter; + uint16_t adapter_id; +} *policy_data = NULL; + +static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) +{ + struct btd_admin_policy *admin_policy = NULL; + + admin_policy = g_try_malloc(sizeof(*admin_policy)); + if (!admin_policy) { + btd_error(btd_adapter_get_index(adapter), + "Failed to allocate memory for admin_policy"); + return NULL; + } + + admin_policy->adapter = adapter; + admin_policy->adapter_id = btd_adapter_get_index(adapter); + + return admin_policy; +} + +static void admin_policy_free(void *data) +{ + struct btd_admin_policy *admin_policy = data; + + g_free(admin_policy); +} + +static int admin_policy_adapter_probe(struct btd_adapter *adapter) +{ + if (policy_data) { + btd_warn(policy_data->adapter_id, + "Policy data already exists"); + admin_policy_free(policy_data); + policy_data = NULL; + } + + policy_data = admin_policy_new(adapter); + if (!policy_data) + return -ENOMEM; + + btd_info(policy_data->adapter_id, "Admin Policy has been enabled"); + + return 0; +} + +static struct btd_adapter_driver admin_policy_driver = { + .name = "admin_policy", + .probe = admin_policy_adapter_probe, + .resume = NULL, +}; + static int admin_init(void) { DBG(""); + + return btd_register_adapter_driver(&admin_policy_driver); } static void admin_exit(void) { DBG(""); + + btd_unregister_adapter_driver(&admin_policy_driver); + + if (policy_data) + admin_policy_free(policy_data); } BLUETOOTH_PLUGIN_DEFINE(admin, VERSION,
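Review bot: admin_policy_driver sets only `.probe` and `.resume`, so nothing releases or clears policy_data when the adapter is removed, even though the comment above the struct says it has the same life cycle as btd_adapter; after removal `policy_data->adapter` is a stale pointer until admin_exit() runs. Add a `.remove` callback that frees the policy and sets policy_data to NULL, and clear the pointer in admin_exit() after the free as well. The single global also means a probe for a second adapter discards the first adapter's policy with only a warning, which should be documented or replaced by per-adapter storage. The commit message's test step looks for "Admin Policy is enabled" while the code logs "Admin Policy has been enabled".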

Date: Tue, 3 Aug 2021 19:43:11 +0800
Subject: [Bluez PATCH v9 07/13] plugins/admin: add ServiceAllowList method
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou

From: Yun-Hao Chung

This adds code to register interface org.bluez.AdminPolicySet1. The interface will provide methods to limit users to operate certain functions of bluez, such as allow/disallow user to toggle adapter power, or only allow users to connect services in the specified list, etc.

This patch also implements ServiceAllowlist in org.bluez.AdminPolicySet1.

Reviewed-by: Miao-chen Chou
---
The following test steps were performed:
1. Set ServiceAllowList to ["1108","110A","110B","110C","110D","110E",
   "110F","1112","111E","111F","1203"]
   ( users are only allowed to connect headset )
2. Turn on paired WF1000XM3, and listen to music on Youtube.
3. Turn on paired K830 (LE device), press any key on keyboard.
4. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard.
5. Set ServiceAllowList to ["1124","180A","180F","1812"]
   ( users are only allowed to connect HID devices )
6. Turn on paired WF1000XM3, and listen to music on Youtube.
7. Turn on paired K830 (LE device), press any key on keyboard.
8. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard.
9. Set ServiceAllowList to []
   ( users are only allowed to connect any device. )
10. Turn on paired WF1000XM3, and listen to music on Youtube.
11. Turn on paired K830 (LE device), press any key on keyboard.
12. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard.

Expected results: Step 2,7,8,9,10,11 should succeed, and step 3,4,6 should fail.

(no changes since v1)

 plugins/admin.c | 127 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 126 insertions(+), 1 deletion(-)

diff --git a/plugins/admin.c b/plugins/admin.c index 923e08cb836b..1fe2904d93d9 100644 --- a/plugins/admin.c +++ b/plugins/admin.c 
@@ -12,19 +12,29 @@ #include #endif +#include +#include + #include "lib/bluetooth.h" +#include "lib/uuid.h" #include "src/adapter.h" +#include "src/dbus-common.h" #include "src/error.h" #include "src/log.h" #include "src/plugin.h" #include "src/shared/queue.h" +#define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" + +static DBusConnection *dbus_conn; + /* |policy_data| has the same life cycle as btd_adapter */ static struct btd_admin_policy { struct btd_adapter *adapter; uint16_t adapter_id; + struct queue *service_allowlist; } *policy_data = NULL; static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) 
@@ -40,19 +50,120 @@ static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) admin_policy->adapter = adapter; admin_policy->adapter_id = btd_adapter_get_index(adapter); + admin_policy->service_allowlist = NULL; return admin_policy; } +static void free_service_allowlist(struct queue *q) +{ + queue_destroy(q, g_free); +} + static void admin_policy_free(void *data) { struct btd_admin_policy *admin_policy = data; + free_service_allowlist(admin_policy->service_allowlist); g_free(admin_policy); } +static struct queue *parse_allow_service_list(struct btd_adapter *adapter, + DBusMessage *msg) +{ + DBusMessageIter iter, arr_iter; + struct queue *uuid_list = NULL; + + dbus_message_iter_init(msg, &iter); + if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) + return NULL; + + uuid_list = queue_new(); + dbus_message_iter_recurse(&iter, &arr_iter); + do { + const int type = dbus_message_iter_get_arg_type(&arr_iter); + char *uuid_param; + bt_uuid_t *uuid; + + if (type == DBUS_TYPE_INVALID) + break; + + if (type != DBUS_TYPE_STRING) + goto failed; + + dbus_message_iter_get_basic(&arr_iter, &uuid_param); + + uuid = g_try_malloc(sizeof(*uuid)); + if (!uuid) + goto failed; + + if (bt_string_to_uuid(uuid, uuid_param)) { + g_free(uuid); + goto failed; + } + + queue_push_head(uuid_list, uuid); + + dbus_message_iter_next(&arr_iter); + } while (true); + + return uuid_list; + +failed: + queue_destroy(uuid_list, g_free); + return NULL; +} + +static bool service_allowlist_set(struct btd_admin_policy *admin_policy, + struct queue *uuid_list) +{ + struct btd_adapter *adapter = admin_policy->adapter; + + if (!btd_adapter_set_allowed_uuids(adapter, uuid_list)) + return false; + + free_service_allowlist(admin_policy->service_allowlist); + admin_policy->service_allowlist = uuid_list; + + return true; +} + +static DBusMessage *set_service_allowlist(DBusConnection *conn, + DBusMessage *msg, void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + 
struct btd_adapter *adapter = admin_policy->adapter; + struct queue *uuid_list = NULL; + const char *sender = dbus_message_get_sender(msg); + + DBG("sender %s", sender); + + /* Parse parameters */ + uuid_list = parse_allow_service_list(adapter, msg); + if (!uuid_list) { + btd_error(admin_policy->adapter_id, + "Failed on parsing allowed service list"); + return btd_error_invalid_args(msg); + } + + if (!service_allowlist_set(admin_policy, uuid_list)) { + free_service_allowlist(uuid_list); + return btd_error_failed(msg, "service_allowlist_set failed"); + } + + return dbus_message_new_method_return(msg); +} + +static const GDBusMethodTable admin_policy_adapter_methods[] = { + { GDBUS_METHOD("SetServiceAllowList", GDBUS_ARGS({ "UUIDs", "as" }), + NULL, set_service_allowlist) }, + { } +}; + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { + const char *adapter_path; + if (policy_data) { btd_warn(policy_data->adapter_id, "Policy data already exists"); @@ -64,8 +175,20 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) if (!policy_data) return -ENOMEM; - btd_info(policy_data->adapter_id, "Admin Policy has been enabled"); + adapter_path = adapter_get_path(adapter); + if (!g_dbus_register_interface(dbus_conn, adapter_path, + ADMIN_POLICY_SET_INTERFACE, + admin_policy_adapter_methods, NULL, + NULL, policy_data, admin_policy_free)) { + btd_error(policy_data->adapter_id, + "Admin Policy Set interface init failed on path %s", + adapter_path); + return -EINVAL; + } + + btd_info(policy_data->adapter_id, + "Admin Policy Set interface registered"); return 0; } 
@@ -79,6 +202,8 @@ static int admin_init(void) { DBG(""); + dbus_conn = btd_get_dbus_connection(); + return btd_register_adapter_driver(&admin_policy_driver); }
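Review bot: set_service_allowlist() applies the new list for any caller; the handler only prints `sender` through DBG() and the SetServiceAllowList entry in admin_policy_adapter_methods carries no authorization step. If the restriction on who may change policy is meant to come from the D-Bus bus policy, say so in a comment and ship or reference that policy with the series; otherwise check the sender before calling service_allowlist_set(). In parse_allow_service_list() the `adapter` parameter is unused and can be dropped.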
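Review bot: in admin_policy_adapter_probe() the failure branch of g_dbus_register_interface() returns -EINVAL and leaves policy_data allocated and still pointing at the adapter; free it and reset it to NULL before returning. Passing admin_policy_free as the interface's destroy callback also hands g_dbus ownership of the same pointer that the `if (policy_data)` branch at the top of probe, and admin_exit() from the previous patch, free by hand, so the object can be released twice or while the interface still holds it as user_data. Pick one owner: either unregister the interface where the manual free happens, or drop the destroy callback.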

Date: Tue, 3 Aug 2021 19:43:12 +0800
Subject: [Bluez PATCH v9 08/13] plugins/admin: add ServiceAllowList property
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou

From: Yun-Hao Chung

This adds code to register interface org.bluez.AdminPolicyStatus. The interface will provide read-only properties to indicate the current settings of admin policies. We separate this from AdminPolicySet so that normal clients can check current policy settings while only a few clients can change policies.

This patch also adds readonly property ServiceAllowlist to AdminPolicyStatus1, which indicates the current setting of service allowlist.

Reviewed-by: Miao-chen Chou
---
The following test steps were performed:
1. Set ServiceAllowList to ["1124","180A","180F","1812"]
2. Verify ServiceAllowList is ["1124","180A","180F","1812"] in UUID-128 form
3. Set ServiceAllowList to []
4. Verify ServiceAllowList is []

(no changes since v1)

 plugins/admin.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

diff --git a/plugins/admin.c b/plugins/admin.c index 1fe2904d93d9..d89a77c8a123 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -27,6 +27,7 @@ #include "src/shared/queue.h" #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" +#define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" static DBusConnection *dbus_conn; @@ -151,6 +152,11 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, return btd_error_failed(msg, "service_allowlist_set failed"); } + g_dbus_emit_property_changed(dbus_conn, + adapter_get_path(policy_data->adapter), + ADMIN_POLICY_STATUS_INTERFACE, + "ServiceAllowList"); + return dbus_message_new_method_return(msg); } 
@@ -160,6 +166,43 @@ static const GDBusMethodTable admin_policy_adapter_methods[] = { { } }; +void append_service_uuid(void *data, void *user_data) +{ + bt_uuid_t *uuid = data; + DBusMessageIter *entry = user_data; + char uuid_str[MAX_LEN_UUID_STR]; + const char *uuid_str_ptr = uuid_str; + + if (!uuid) { + error("Unexpected NULL uuid data in service_allowlist"); + return; + } + + bt_uuid_to_string(uuid, uuid_str, MAX_LEN_UUID_STR); + dbus_message_iter_append_basic(entry, DBUS_TYPE_STRING, &uuid_str_ptr); +} + +static gboolean property_get_service_allowlist( + const GDBusPropertyTable *property, + DBusMessageIter *iter, void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + DBusMessageIter entry; + + dbus_message_iter_open_container(iter, DBUS_TYPE_ARRAY, + DBUS_TYPE_STRING_AS_STRING, &entry); + queue_foreach(admin_policy->service_allowlist, append_service_uuid, + &entry); + dbus_message_iter_close_container(iter, &entry); + + return TRUE; +} + +static const GDBusPropertyTable admin_policy_adapter_properties[] = { + { "ServiceAllowList", "as", property_get_service_allowlist }, + { } +}; + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { const char *adapter_path; 
@@ -189,6 +232,21 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) btd_info(policy_data->adapter_id, "Admin Policy Set interface registered"); + + if (!g_dbus_register_interface(dbus_conn, adapter_path, + ADMIN_POLICY_STATUS_INTERFACE, + NULL, NULL, + admin_policy_adapter_properties, + policy_data, admin_policy_free)) { + btd_error(policy_data->adapter_id, + "Admin Policy Status interface init failed on path %s", + adapter_path); + return -EINVAL; + } + + btd_info(policy_data->adapter_id, + "Admin Policy Status interface registered"); + return 0; }
From patchwork Tue Aug 3 11:43:13 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12416059 X-Patchwork-Delegate: luiz.dentz@gmail.com
Date: Tue, 3 Aug 2021 19:43:13 +0800 In-Reply-To: <20210803114317.801840-1-howardchung@google.com> Message-Id: <20210803194127.Bluez.v9.9.I517e5199ac8019b770c7ee8c92a294ec1c752748@changeid> Mime-Version: 1.0 References: <20210803114317.801840-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v9 09/13] plugins/admin: add device callbacks From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org
From: Yun-Hao Chung This adds callbacks for device resolved and device removed. It is necessary for implementation of "AffectedByPolicy" property since it needs to register an interface for each device object and unregister it once the device gets removed. --- The following test steps were performed: 1. start discovery using UI 2. verify device_data were added by checking system log 3. stop discovery 4. verify device_data were removed after a few seconds by checking system log (no changes since v8) Changes in v8: - add device_data when we get called device_resolved instead of device_added. Otherwise it is possible that a device service has not yet been resolved so device_data->|affected| might not be correct. Reviewed-by: Miao-chen Chou plugins/admin.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+)
diff --git a/plugins/admin.c b/plugins/admin.c index d89a77c8a123..0a0d8a39ed37 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -20,6 +20,7 @@ #include "src/adapter.h" #include "src/dbus-common.h" +#include "src/device.h" #include "src/error.h" #include "src/log.h" #include "src/plugin.h" 
@@ -29,7 +30,11 @@ #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" #define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" +#define DBUS_BLUEZ_SERVICE "org.bluez" +#define BTD_DEVICE_INTERFACE "org.bluez.Device1" + static DBusConnection *dbus_conn; +static struct queue *devices; /* List of struct device_data objects */ /* |policy_data| has the same life cycle as btd_adapter */ static struct btd_admin_policy { @@ -38,6 +43,11 @@ static struct btd_admin_policy { struct queue *service_allowlist; } *policy_data = NULL; +struct device_data { + struct btd_device *device; + char *path; +}; + static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) { struct btd_admin_policy *admin_policy = NULL; @@ -203,6 +213,37 @@ static const GDBusPropertyTable admin_policy_adapter_properties[] = { { } }; +static bool device_data_match(const void *a, const void *b) +{ + const struct device_data *data = a; + const struct btd_device *dev = b; + + if (!data) { + error("Unexpected NULL device_data"); + return false; + } + + return data->device == dev; +} + +static void free_device_data(void *data) +{ + struct device_data *device_data = data; + + g_free(device_data->path); + g_free(device_data); +} + +static void remove_device_data(void *data) +{ + struct device_data *device_data = data; + + DBG("device_data for %s removing", device_data->path); + + queue_remove(devices, device_data); + free_device_data(device_data); +} + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { const char *adapter_path; 
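Review bot: `DBUS_BLUEZ_SERVICE` and `BTD_DEVICE_INTERFACE`, added in the `@@ -29,7 +30,11 @@` hunk, are not used by anything in this patch; drop them until a later patch needs them. `free_device_data()` dereferences its argument without the NULL check that `device_data_match()` applies to the same kind of entry, so pick one convention for entries of `devices` and apply it in both helpers.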
@@ -250,10 +291,45 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) return 0; } +static void admin_policy_device_added(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct device_data *data; + + if (queue_find(devices, device_data_match, device)) + return; + + data = g_new0(struct device_data, 1); + if (!data) { + btd_error(btd_adapter_get_index(adapter), + "Failed to allocate memory for device_data"); + return; + } + + data->device = device; + data->path = g_strdup(device_get_path(device)); + queue_push_tail(devices, data); + + DBG("device_data for %s added", data->path); +} + +static void admin_policy_device_removed(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct device_data *data; + + data = queue_find(devices, device_data_match, device); + + if (data) + remove_device_data(data); +} + static struct btd_adapter_driver admin_policy_driver = { .name = "admin_policy", .probe = admin_policy_adapter_probe, .resume = NULL, + .device_resolved = admin_policy_device_added, + .device_removed = admin_policy_device_removed }; static int admin_init(void) @@ -261,6 +337,7 @@ static int admin_init(void) DBG(""); dbus_conn = btd_get_dbus_connection(); + devices = queue_new(); return btd_register_adapter_driver(&admin_policy_driver); } 
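Review bot: In `admin_policy_device_added()` the `if (!data)` branch after `g_new0()` can never run, because `g_new0()` aborts the process on allocation failure instead of returning NULL; use `g_try_new0()` if the failure is meant to be handled, or drop the branch. The entry stores the raw `btd_device` pointer without taking a reference, so its validity depends on `.device_removed` always being delivered before the device is freed, which deserves a comment next to `data->device = device;`. The callback is wired to `.device_resolved` but is still named `admin_policy_device_added`; renaming it would match the v8 change described in the commit message.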
@@ -270,6 +347,7 @@ static void admin_exit(void) DBG(""); btd_unregister_adapter_driver(&admin_policy_driver); + queue_destroy(devices, free_device_data); if (policy_data) admin_policy_free(policy_data);
From patchwork Tue Aug 3 11:43:14 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12416061 X-Patchwork-Delegate: luiz.dentz@gmail.com
Date: Tue, 3 Aug 2021 19:43:14 +0800 In-Reply-To: <20210803114317.801840-1-howardchung@google.com> Message-Id: <20210803194127.Bluez.v9.10.I570c860f59c8ed66ddb31aa54584ee08080aa10c@changeid> Mime-Version: 1.0 References: <20210803114317.801840-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v9 10/13] plugins/admin: add AffectedByPolicy property From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org
From: Yun-Hao Chung This adds property to indicate if a device has any service that is being blocked by admin policy. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowList to [] 2. Verify AffectedByPolicy of K830 is False 3. Set ServiceAllowList to ["1800"] 4. Verify AffectedByPolicy of K830 is False 5. Set ServiceAllowList to ["1800","1801","180A","180F","1812"] 6. Verify AffectedByPolicy of K830 is True (no changes since v1) plugins/admin.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 71 insertions(+), 2 deletions(-)
diff --git a/plugins/admin.c b/plugins/admin.c index 0a0d8a39ed37..7936f8c11475 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -46,6 +46,7 @@ static struct btd_admin_policy { struct device_data { struct btd_device *device; char *path; + bool affected; }; static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) @@ -139,6 +140,27 @@ static bool service_allowlist_set(struct btd_admin_policy *admin_policy, return true; } +static void update_device_affected(void *data, void *user_data) +{ + struct device_data *dev_data = data; + bool affected; + + if (!dev_data) { + error("Unexpected NULL device_data when updating device"); + return; + } + + affected = !btd_device_all_services_allowed(dev_data->device); + + if (affected == dev_data->affected) + return; + + dev_data->affected = affected; + + g_dbus_emit_property_changed(dbus_conn, dev_data->path, + ADMIN_POLICY_STATUS_INTERFACE, "AffectedByPolicy"); +} + static DBusMessage *set_service_allowlist(DBusConnection *conn, DBusMessage *msg, void *user_data) { 
@@ -167,6 +189,8 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, ADMIN_POLICY_STATUS_INTERFACE, "ServiceAllowList"); + queue_foreach(devices, update_device_affected, NULL); + return dbus_message_new_method_return(msg); } @@ -226,6 +250,28 @@ static bool device_data_match(const void *a, const void *b) return data->device == dev; } +static gboolean property_get_affected_by_policy( + const GDBusPropertyTable *property, + DBusMessageIter *iter, void *user_data) +{ + struct device_data *data = user_data; + + if (!data) { + error("Unexpected error: device_data is NULL"); + return FALSE; + } + + dbus_message_iter_append_basic(iter, DBUS_TYPE_BOOLEAN, + &data->affected); + + return TRUE; +} + +static const GDBusPropertyTable admin_policy_device_properties[] = { + { "AffectedByPolicy", "b", property_get_affected_by_policy }, + { } +}; + static void free_device_data(void *data) { struct device_data *device_data = data; @@ -308,11 +354,33 @@ static void admin_policy_device_added(struct btd_adapter *adapter, data->device = device; data->path = g_strdup(device_get_path(device)); + data->affected = !btd_device_all_services_allowed(data->device); + + if (!g_dbus_register_interface(dbus_conn, data->path, + ADMIN_POLICY_STATUS_INTERFACE, + NULL, NULL, + admin_policy_device_properties, + data, remove_device_data)) { + btd_error(btd_adapter_get_index(adapter), + "Admin Policy Status interface init failed on path %s", + device_get_path(device)); + free_device_data(data); + return; + } + queue_push_tail(devices, data); DBG("device_data for %s added", data->path); } +static void unregister_device_data(void *data, void *user_data) +{ + struct device_data *dev_data = data; + + g_dbus_unregister_interface(dbus_conn, dev_data->path, + ADMIN_POLICY_STATUS_INTERFACE); +} + static void admin_policy_device_removed(struct btd_adapter *adapter, struct btd_device *device) { 
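Review bot: `property_get_affected_by_policy()` passes `&data->affected`, a C `bool`, to `dbus_message_iter_append_basic()` with `DBUS_TYPE_BOOLEAN`, which expects a pointer to a 32-bit `dbus_bool_t`; libdbus will read four bytes from a one-byte field, so the value sent depends on whatever follows `affected` in `struct device_data`. Copy it into a local first, for example `dbus_bool_t affected = data->affected;`, and append `&affected`. In `admin_policy_device_added()` the interface is registered before `queue_push_tail()`, while the `remove_device_data` destroy callback calls `queue_remove()` on the same entry, so a short comment on that ordering would help the next reader.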
@@ -321,7 +389,7 @@ static void admin_policy_device_removed(struct btd_adapter *adapter, data = queue_find(devices, device_data_match, device); if (data) - remove_device_data(data); + unregister_device_data(data, NULL); } static struct btd_adapter_driver admin_policy_driver = { 
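Review bot: After this change `admin_policy_device_removed()` depends entirely on `g_dbus_unregister_interface()` succeeding, because only the `remove_device_data` destroy callback given to `g_dbus_register_interface()` dequeues and frees the entry, and `unregister_device_data()` discards the return value. If unregistering fails, the entry stays in `devices` holding a `btd_device` pointer for a device that is being removed, and the next `update_device_affected()` pass would dereference it. Check the return value and fall back to `remove_device_data(data)` when it is FALSE.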
@@ -347,7 +415,8 @@ static void admin_exit(void) DBG(""); btd_unregister_adapter_driver(&admin_policy_driver); - queue_destroy(devices, free_device_data); + queue_foreach(devices, unregister_device_data, NULL); + queue_destroy(devices, g_free); if (policy_data) admin_policy_free(policy_data);
From patchwork Tue Aug 3 11:43:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12416063 X-Patchwork-Delegate: luiz.dentz@gmail.com
Date: Tue, 3 Aug 2021 19:43:15 +0800 In-Reply-To: <20210803114317.801840-1-howardchung@google.com> Message-Id: <20210803194127.Bluez.v9.11.Ib26c0abdbd417673a8b5788c175c06110726a68c@changeid> Mime-Version: 1.0 References: <20210803114317.801840-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v9 11/13] plugins/admin: persist policy settings From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org
From: Yun-Hao Chung This adds code to store the ServiceAllowlist to file /var/lib/bluetooth/{MAC_ADDR}/admin_policy The stored settings will be loaded upon admin_policy initialized. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowlist to ["1124","180A","180F","1812", "1801"] 2. restart bluetoothd 3. Verify ServiceAllowlist is ["1124","180A","180F","1812","1801"] in UUID-128 form 4. Set ServiceAllowlist to [] 5. restart bluetoothd 6. Verify ServiceAllowlist is [] (no changes since v8) Changes in v8: - Move store_policy_settings earlier to avoid forward declaration. plugins/admin.c | 167 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 165 insertions(+), 2 deletions(-)
diff --git a/plugins/admin.c b/plugins/admin.c index 7936f8c11475..428a5528cc88 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -14,6 +14,9 @@ #include #include +#include +#include +#include #include "lib/bluetooth.h" #include "lib/uuid.h" @@ -24,11 +27,13 @@ #include "src/error.h" #include "src/log.h" #include "src/plugin.h" +#include "src/textfile.h" #include "src/shared/queue.h" #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" #define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" +#define ADMIN_POLICY_STORAGE STORAGEDIR "/admin_policy_settings" #define DBUS_BLUEZ_SERVICE "org.bluez" #define BTD_DEVICE_INTERFACE "org.bluez.Device1" 
@@ -161,6 +166,161 @@ static void update_device_affected(void *data, void *user_data) ADMIN_POLICY_STATUS_INTERFACE, "AffectedByPolicy"); } +static void free_uuid_strings(char **uuid_strs, gsize num) +{ + gsize i; + + for (i = 0; i < num; i++) + g_free(uuid_strs[i]); + g_free(uuid_strs); +} + +static char **new_uuid_strings(struct queue *allowlist, gsize *num) +{ + const struct queue_entry *entry = NULL; + bt_uuid_t *uuid = NULL; + char **uuid_strs = NULL; + gsize i = 0, allowlist_num; + + /* Set num to a non-zero number so that whoever call this could know if + * this function success or not + */ + *num = 1; + + allowlist_num = queue_length(allowlist); + uuid_strs = g_try_malloc_n(allowlist_num, sizeof(char *)); + if (!uuid_strs) + return NULL; + + for (entry = queue_get_entries(allowlist); entry != NULL; + entry = entry->next) { + uuid = entry->data; + uuid_strs[i] = g_try_malloc0(MAX_LEN_UUID_STR * sizeof(char)); + + if (!uuid_strs[i]) + goto failed; + + bt_uuid_to_string(uuid, uuid_strs[i], MAX_LEN_UUID_STR); + i++; + } + + *num = allowlist_num; + return uuid_strs; + +failed: + free_uuid_strings(uuid_strs, i); + + return NULL; +} + +static void store_policy_settings(struct btd_admin_policy *admin_policy) +{ + GKeyFile *key_file = NULL; + char *filename = ADMIN_POLICY_STORAGE; + char *key_file_data = NULL; + char **uuid_strs = NULL; + gsize length, num_uuids; + + key_file = g_key_file_new(); + + uuid_strs = new_uuid_strings(admin_policy->service_allowlist, + &num_uuids); + + if (!uuid_strs && num_uuids) { + btd_error(admin_policy->adapter_id, + "Failed to allocate uuid strings"); + goto failed; + } + + g_key_file_set_string_list(key_file, "General", "ServiceAllowlist", + (const gchar * const *)uuid_strs, + num_uuids); + + if (create_file(ADMIN_POLICY_STORAGE, 0600) < 0) { + btd_error(admin_policy->adapter_id, "create %s failed, %s", + filename, strerror(errno)); + goto failed; + } + + key_file_data = g_key_file_to_data(key_file, &length, NULL); + 
g_file_set_contents(ADMIN_POLICY_STORAGE, key_file_data, length, NULL); + + g_free(key_file_data); + free_uuid_strings(uuid_strs, num_uuids); + +failed: + g_key_file_free(key_file); +} + +static void key_file_load_service_allowlist(GKeyFile *key_file, + struct btd_admin_policy *admin_policy) +{ + GError *gerr = NULL; + struct queue *uuid_list = NULL; + gchar **uuids = NULL; + gsize num, i; + + uuids = g_key_file_get_string_list(key_file, "General", + "ServiceAllowlist", &num, &gerr); + + if (gerr) { + btd_error(admin_policy->adapter_id, + "Failed to load ServiceAllowlist"); + g_error_free(gerr); + return; + } + + uuid_list = queue_new(); + for (i = 0; i < num; i++) { + bt_uuid_t *uuid = g_try_malloc(sizeof(*uuid)); + + if (!uuid) + goto failed; + + if (bt_string_to_uuid(uuid, *uuids)) { + + btd_error(admin_policy->adapter_id, + "Failed to convert '%s' to uuid struct", + *uuids); + + g_free(uuid); + goto failed; + } + + queue_push_tail(uuid_list, uuid); + uuids++; + } + + if (!service_allowlist_set(admin_policy, uuid_list)) + goto failed; + + return; +failed: + free_service_allowlist(uuid_list); +} + +static void load_policy_settings(struct btd_admin_policy *admin_policy) +{ + GKeyFile *key_file; + char *filename = ADMIN_POLICY_STORAGE; + struct stat st; + + if (stat(filename, &st) < 0) { + btd_error(admin_policy->adapter_id, + "Failed to get file %s information", + filename); + return; + } + + key_file = g_key_file_new(); + + g_key_file_load_from_file(key_file, filename, 0, NULL); + + key_file_load_service_allowlist(key_file, admin_policy); + + g_key_file_free(key_file); +} + static DBusMessage *set_service_allowlist(DBusConnection *conn, DBusMessage *msg, void *user_data) { 
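Review bot: In `store_policy_settings()` the `goto failed` taken when `create_file()` fails skips `free_uuid_strings()`, leaking `uuid_strs`, and the result of `g_file_set_contents()` is ignored with a NULL `GError`, so a failed write is neither logged nor reported and the allowlist silently reverts after a restart; free on every path and log the error. In `new_uuid_strings()` an empty allowlist makes `g_try_malloc_n(0, ...)` return NULL while `*num` is still 1, which `store_policy_settings()` then treats as an allocation failure, so clearing the list would not be written to disk; handle `allowlist_num == 0` explicitly by setting `*num = 0` before returning. In `key_file_load_service_allowlist()` the `uuids++` advances the only pointer to the array returned by `g_key_file_get_string_list()`, which is never released with `g_strfreev()`; index with `uuids[i]` and free the array on both the success and `failed` paths. `load_policy_settings()` also ignores the result of `g_key_file_load_from_file()`, and `ADMIN_POLICY_STORAGE` is a single daemon-wide file whereas the commit message describes `/var/lib/bluetooth/{MAC_ADDR}/admin_policy`, so one of the two needs to change.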
@@ -179,7 +339,9 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, return btd_error_invalid_args(msg); } - if (!service_allowlist_set(admin_policy, uuid_list)) { + if (service_allowlist_set(admin_policy, uuid_list)) { + store_policy_settings(admin_policy); + } else { free_service_allowlist(uuid_list); return btd_error_failed(msg, "service_allowlist_set failed"); } @@ -200,7 +362,7 @@ static const GDBusMethodTable admin_policy_adapter_methods[] = { { } }; -void append_service_uuid(void *data, void *user_data) +static void append_service_uuid(void *data, void *user_data) { bt_uuid_t *uuid = data; DBusMessageIter *entry = user_data; 
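Review bot: In the `@@ -179,7 +339,9 @@` hunk `set_service_allowlist()` calls `store_policy_settings()` and then returns success no matter what happened, because the store function is `void`; a caller that sets a restrictive allowlist gets a normal method return even when nothing reached disk. Have `store_policy_settings()` return a status and either fail the D-Bus call or at least log at error level with the adapter id. The `static` added to `append_service_uuid()` in the second hunk belongs in 08/13, where the function is introduced.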
@@ -305,6 +467,7 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) if (!policy_data) return -ENOMEM; + load_policy_settings(policy_data); adapter_path = adapter_get_path(adapter); if (!g_dbus_register_interface(dbus_conn, adapter_path,
From patchwork Tue Aug 3 11:43:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12416067 X-Patchwork-Delegate: luiz.dentz@gmail.com
Date: Tue, 3 Aug 2021 19:43:16 +0800 In-Reply-To: <20210803114317.801840-1-howardchung@google.com> Message-Id: <20210803194127.Bluez.v9.12.I433ab6a7ac1d4f8f8dea496ac14bdbf3597015d3@changeid> Mime-Version: 1.0 References: <20210803114317.801840-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v9 12/13] doc: add description of admin policy From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org
From: Yun-Hao Chung This adds admin-policy-api.txt. Reviewed-by: Miao-chen Chou --- (no changes since v1) doc/admin-policy-api.txt | 65 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 doc/admin-policy-api.txt
diff --git a/doc/admin-policy-api.txt b/doc/admin-policy-api.txt new file mode 100644 index 000000000000..3f116901dbd7 --- /dev/null +++ b/doc/admin-policy-api.txt 
@@ -0,0 +1,65 @@ +BlueZ D-Bus Admin Policy API description +*********************************** + +This API provides methods to control the behavior of bluez as an administrator. + +Interface AdminPolicySet1 provides methods to set policies. Once the policy is +set successfully, it will affect all clients and stay persistently even after +restarting Bluetooth Daemon. The only way to clear it is to overwrite the +policy with the same method. + +Interface AdminPolicyStatus1 provides readonly properties to indicate the +current values of admin policy. + + +Admin Policy Set hierarchy +================= + +Service org.bluez +Interface org.bluez.AdminPolicySet1 +Object path [variable prefix]/{hci0,hci1,...} + +Methods void SetServiceAllowList(array{string} UUIDs) + + This method sets the service allowlist by specifying + service UUIDs. + + When SetServiceAllowList is called, bluez will block + incoming and outgoing connections to the service not in + UUIDs for all of the clients. + + Any subsequent calls to this method will supersede any + previously set allowlist values. Calling this method + with an empty array will allow any service UUIDs to be + used. + + The default value is an empty array. + + Possible errors: org.bluez.Error.InvalidArguments + org.bluez.Error.Failed + + +Admin Policy Status hierarchy +================= + +Service org.bluez +Interface org.bluez.AdminPolicyStatus1 +Object path [variable prefix]/{hci0,hci1,...} + +Properties array{string} ServiceAllowList [readonly] + + Current value of service allow list. + + + +Admin Policy Status hierarchy +================= + +Service org.bluez +Interface org.bluez.AdminPolicyStatus1 +Object path [variable prefix]/{hci0,hci1,...}/dev_XX_XX_XX_XX_XX_XX + +Properties bool IsAffectedByPolicy [readonly] + + Indicate if there is any auto-connect profile in this + device is not allowed by admin policy. 
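Review bot: The per-device property is documented as `IsAffectedByPolicy`, but 10/13 registers it as `AffectedByPolicy`; the document should use the name clients will see on D-Bus. The third section reuses the heading "Admin Policy Status hierarchy" for the `dev_XX_XX_XX_XX_XX_XX` object, so give it a distinct heading to tell it apart from the adapter-level one. The description speaks of an "auto-connect profile" while the value is computed from `btd_device_all_services_allowed()`, so say which services count. The text also does not state who is permitted to call `SetServiceAllowList`, nor that `ServiceAllowList` is reported as 128-bit UUID strings, although the commit messages in this series mention both; for an access-control API those belong in the reference.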
From patchwork Tue Aug 3 11:43:17 2021 X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 12416065 X-Patchwork-Delegate: luiz.dentz@gmail.com Date: Tue, 3 Aug 2021 19:43:17 +0800 In-Reply-To: <20210803114317.801840-1-howardchung@google.com> Message-Id: <20210803194127.Bluez.v9.13.Ide727bc4654c80ce67a268b624a6c5a0f79a11e1@changeid> References: <20210803114317.801840-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v9 13/13] doc: add admin policy file storage description
From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds storage description of admin policy file in doc/settings-storage.txt --- (no changes since v1) doc/settings-storage.txt | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/doc/settings-storage.txt b/doc/settings-storage.txt index d21150f09ecb..1d96cd66d94f 100644 --- a/doc/settings-storage.txt +++ b/doc/settings-storage.txt @@ -36,6 +36,7 @@ root, named based on the address, which contains: - a settings file for the local adapter - an attributes file containing attributes of supported LE services + - an admin policy file containing current values of admin policies - a cache directory containing: - one file per device, named by remote device address, which contains device name @@ -50,6 +51,7 @@ So the directory structure is: /var/lib/bluetooth// ./settings ./attributes + ./admin_policy_settings ./cache/ ./ ./ @@ -140,6 +142,24 @@ Sample: Value=4578616D706C6520446576696365 +Admin Policy file format +====================== + +The admin policy file stores the current value of each admin policy. + +[General] group contains: + + ServiceAllowlist List of List of service UUID allowed by + strings adapter in 128-bits format, separated + by ','. Default is empty. + +Sample: + [General] + ServiceAllowlist= + + + + CCC file format ======================
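Review bot: In the "Admin Policy file format" hunk the key is spelled "ServiceAllowlist", while the D-Bus names documented in 12/13 are "ServiceAllowList" and "SetServiceAllowList". Either align the spellings or state explicitly that the on-disk key uses a lower-case "l", so that anyone inspecting or hand-editing admin_policy_settings does not use the wrong key. The sample shows only the empty default ("ServiceAllowlist="); a second sample line with two entries would show the 128-bit form and the ',' separator that the description mentions. Since this file holds a policy that persists across daemon restarts, it would also help to say what the daemon does with an entry that does not parse as a UUID.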