From patchwork Thu Jul 29 12:27:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 488867 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 766DDC4338F for ; Thu, 29 Jul 2021 12:28:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5D01760F02 for ; Thu, 29 Jul 2021 12:28:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237087AbhG2M2O (ORCPT ); Thu, 29 Jul 2021 08:28:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59786 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236952AbhG2M2M (ORCPT ); Thu, 29 Jul 2021 08:28:12 -0400 Received: from mail-qk1-x74a.google.com (mail-qk1-x74a.google.com [IPv6:2607:f8b0:4864:20::74a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 44A5BC061765 for ; Thu, 29 Jul 2021 05:28:09 -0700 (PDT) Received: by mail-qk1-x74a.google.com with SMTP id y3-20020ae9f4030000b02903b916ae903fso1915886qkl.6 for ; Thu, 29 Jul 2021 05:28:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=lcgnPP5ww4lJRDXdTTx6Q4PYdYcLCGwV1/+vXOgA96w=; b=GzlOIwm1nNpru/rzzzRF2pf+NQC/ghI9rpKx9LD2xwTu8K/jK07mzQbG0BP2L9Rt1w RRHulQF76SWI7m3nsmLiFqqcmXG7YOhA41ufphFIdF++bzUnykYHODsEWpB8GcQ+II8L o+/avqU6PDUBNgp9ehE2e3nphYpQVvMZQwyNqypme1vWUkGh3jKGwyZdRCJsC0wKrjz8 9jZ5wFckSHjbRJy/0j58Fh97PijhqvF43cnMkBnHmNnu36VrFbG+EdXi46+I6DowZmEL ler8hgug12gYCEXEYcVPVNb9O+1ydMAZVWQoPIPGANuJu9dafqwLNEEbJT+azPE5Mg+l zsZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=lcgnPP5ww4lJRDXdTTx6Q4PYdYcLCGwV1/+vXOgA96w=; b=Ylgy7XY+ETh2iHidPNsQV+woduI34I3HqQlmEhO0NriiCf/pJbkhH29lo0yIN1RiW6 j0KaBThBgKDfreAi4Dn3ssmGDTUywZna4YAUDraBoNaka/9Srivpb0kdQ1NeNJeDg9+C hMzHiAV2o2Wiy1f3Oi5pZ5fAZJkDIjL7DbDOIEk0YQpkOVBEQ9IC2g0jVPsV/NfWdqhE T6TLTnwN7zg0KSRGZSb5W3cP2lFVJVxc83kjo8yDzxgiuhqW5P4Qwfg14TPTp3rIt+C5 FWlcW5pP43UhuiFSz44KVknTxTkkPgW+wbRMnFfL6rTDa5JkoaSiKV5HgiU6b0G2NBqG a0ng== X-Gm-Message-State: AOAM531W5REYe5iQ8PmEt1VT+3Sd7Mx9YaWIGpU17NMooyH//R4n+fCE rKKhkS2Hb2ISYQp5nGsOUvFVoyIGLt5IsZ4lZ46ssQn+eBCqxzagZDADbuPCYD6A0aWXKCsw4/Y p1gC2x1fbuxRKq68zhj1XQ3oW1+qpd6NbrWNoxqZwT/IGzZNcc6KkzRYgtJTjwxMJsT2IU0UvRn PgLoOY40hHbWg= X-Google-Smtp-Source: ABdhPJylUR3sNlPGrcIHTP/ks3BL+7jWO7r1of8aGlQa61b3cZOZ3yEPpP49ZMUGfIg/OOZAMMQwWY/QD1kn9srVAw== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ff72:1420:4502:fdaf]) (user=howardchung job=sendgmr) by 2002:a05:6214:e4e:: with SMTP id o14mr4938933qvc.46.1627561688311; Thu, 29 Jul 2021 05:28:08 -0700 (PDT) Date: Thu, 29 Jul 2021 20:27:40 +0800 In-Reply-To: <20210729122751.3728885-1-howardchung@google.com> Message-Id: <20210729202648.Bluez.v6.2.Ibc0b5f02cb249f9aca9efe45e2dadc5e50b7d89e@changeid> Mime-Version: 1.0 References: <20210729122751.3728885-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v6 02/13] core: add adapter and device allowed_uuid functions From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This implements functions in src/adapter.c and src/device.c for plugins setting a list of allowed services. Reviewed-by: Miao-chen Chou --- (no changes since v1) src/adapter.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/adapter.h | 8 +++++ src/device.c | 64 +++++++++++++++++++++++++++++++++++- src/device.h | 2 ++ 4 files changed, 163 insertions(+), 1 deletion(-) diff --git a/src/adapter.c b/src/adapter.c index 663b778e4a5d..c7fe27d19a5d 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -260,6 +260,8 @@ struct btd_adapter { struct btd_battery_provider_manager *battery_provider_manager; + GHashTable *allowed_uuid_set; /* Set of allowed service UUIDs */ + gboolean initialized; GSList *pin_callbacks; @@ -3489,6 +3491,93 @@ static DBusMessage *connect_device(DBusConnection *conn, return NULL; } +static void update_device_allowed_services(void *data, void *user_data) +{ + struct btd_device *device = data; + + btd_device_update_allowed_services(device); +} + +static void add_uuid_to_uuid_set(void *data, void *user_data) +{ + bt_uuid_t *uuid = data; + GHashTable *uuid_set = user_data; + + if (!uuid) { + error("Found NULL in UUID allowed list"); + return; + } + + g_hash_table_add(uuid_set, uuid); +} + +static guint bt_uuid_hash(gconstpointer key) +{ + const bt_uuid_t *uuid = key; + bt_uuid_t uuid_128; + uint64_t *val; + + if (!uuid) + return 0; + + bt_uuid_to_uuid128(uuid, &uuid_128); + val = (uint64_t *)&uuid_128.value.u128; + + return g_int64_hash(val) ^ g_int64_hash(val+1); +} + +static gboolean bt_uuid_equal(gconstpointer v1, gconstpointer v2) +{ + const bt_uuid_t *uuid1 = v1; + const bt_uuid_t *uuid2 = v2; + + if (!uuid1 || !uuid2) + return !uuid1 && !uuid2; + + return bt_uuid_cmp(uuid1, uuid2) == 0; +} + +bool btd_adapter_set_allowed_uuids(struct btd_adapter *adapter, + struct queue *uuids) +{ + if (!adapter) + return false; + + if (adapter->allowed_uuid_set) + g_hash_table_destroy(adapter->allowed_uuid_set); + + adapter->allowed_uuid_set = g_hash_table_new(bt_uuid_hash, + bt_uuid_equal); + if (!adapter->allowed_uuid_set) { + btd_error(adapter->dev_id, + "Failed to allocate allowed_uuid_set"); + return false; + } + + queue_foreach(uuids, add_uuid_to_uuid_set, adapter->allowed_uuid_set); + g_slist_foreach(adapter->devices, update_device_allowed_services, NULL); + + return true; +} + +bool btd_adapter_is_uuid_allowed(struct btd_adapter *adapter, + const char *uuid_str) +{ + bt_uuid_t uuid; + + if (!adapter || !adapter->allowed_uuid_set) + return true; + + if (bt_string_to_uuid(&uuid, uuid_str)) { + btd_error(adapter->dev_id, + "Failed to parse UUID string '%s'", uuid_str); + return false; + } + + return !g_hash_table_size(adapter->allowed_uuid_set) || + g_hash_table_contains(adapter->allowed_uuid_set, &uuid); +} + static const GDBusMethodTable adapter_methods[] = { { GDBUS_ASYNC_METHOD("StartDiscovery", NULL, NULL, start_discovery) }, { GDBUS_METHOD("SetDiscoveryFilter", @@ -5404,6 +5493,7 @@ static void adapter_free(gpointer user_data) g_free(adapter->stored_alias); g_free(adapter->current_alias); free(adapter->modalias); + g_hash_table_destroy(adapter->allowed_uuid_set); g_free(adapter); } diff --git a/src/adapter.h b/src/adapter.h index 60b5e3bcca34..7cac51451249 100644 --- a/src/adapter.h +++ b/src/adapter.h @@ -25,6 +25,7 @@ struct btd_adapter; struct btd_device; +struct queue; struct btd_adapter *btd_adapter_get_default(void); bool btd_adapter_is_default(struct btd_adapter *adapter); @@ -97,6 +98,8 @@ void adapter_service_remove(struct btd_adapter *adapter, uint32_t handle); struct agent *adapter_get_agent(struct btd_adapter *adapter); +bool btd_adapter_uuid_is_allowed(struct btd_adapter *adapter, const char *uuid); + struct btd_adapter *btd_adapter_ref(struct btd_adapter *adapter); void btd_adapter_unref(struct btd_adapter *adapter); @@ -240,3 +243,8 @@ enum kernel_features { }; bool btd_has_kernel_features(uint32_t feature); + +bool btd_adapter_set_allowed_uuids(struct btd_adapter *adapter, + struct queue *uuids); +bool btd_adapter_is_uuid_allowed(struct btd_adapter *adapter, + const char *uuid_str); diff --git a/src/device.c b/src/device.c index b29aa195d19b..c4a4497da01f 100644 --- a/src/device.c +++ b/src/device.c @@ -1929,6 +1929,56 @@ static int service_prio_cmp(gconstpointer a, gconstpointer b) return p2->priority - p1->priority; } +bool btd_device_all_services_allowed(struct btd_device *dev) +{ + GSList *l; + struct btd_adapter *adapter = dev->adapter; + struct btd_service *service; + struct btd_profile *profile; + + for (l = dev->services; l != NULL; l = g_slist_next(l)) { + service = l->data; + profile = btd_service_get_profile(service); + + if (!profile || !profile->auto_connect) + continue; + + if (!btd_adapter_is_uuid_allowed(adapter, profile->remote_uuid)) + return false; + } + + return true; +} + +void btd_device_update_allowed_services(struct btd_device *dev) +{ + struct btd_adapter *adapter = dev->adapter; + struct btd_service *service; + struct btd_profile *profile; + GSList *l; + bool is_allowed; + char addr[18]; + + /* If service discovery is ongoing, let the service discovery complete + * callback call this function. + */ + if (dev->browse) { + ba2str(&dev->bdaddr, addr); + DBG("service discovery of %s is ongoing. Skip updating allowed " + "services", addr); + return; + } + + for (l = dev->services; l != NULL; l = g_slist_next(l)) { + service = l->data; + profile = btd_service_get_profile(service); + + is_allowed = btd_adapter_is_uuid_allowed(adapter, + profile->remote_uuid); + btd_service_set_allowed(service, is_allowed); + } +} + static GSList *create_pending_list(struct btd_device *dev, const char *uuid) { struct btd_service *service; @@ -1937,9 +1987,14 @@ static GSList *create_pending_list(struct btd_device *dev, const char *uuid) if (uuid) { service = find_connectable_service(dev, uuid); - if (service) + + if (!service) + return dev->pending; + + if (btd_service_is_allowed(service)) return g_slist_prepend(dev->pending, service); + info("service %s is blocked", uuid); return dev->pending; } @@ -1950,6 +2005,11 @@ static GSList *create_pending_list(struct btd_device *dev, const char *uuid) if (!p->auto_connect) continue; + if (!btd_service_is_allowed(service)) { + info("service %s is blocked", p->remote_uuid); + continue; + } + if (g_slist_find(dev->pending, service)) continue; @@ -2633,6 +2693,8 @@ static void device_svc_resolved(struct btd_device *dev, uint8_t browse_type, dev->svc_callbacks); g_free(cb); } + + btd_device_update_allowed_services(dev); } static struct bonding_req *bonding_request_new(DBusMessage *msg, diff --git a/src/device.h b/src/device.h index 4ae9abe0dbb4..5f615cb4b6b2 100644 --- a/src/device.h +++ b/src/device.h @@ -175,5 +175,7 @@ uint32_t btd_device_get_current_flags(struct btd_device *dev); void btd_device_flags_changed(struct btd_device *dev, uint32_t supported_flags, uint32_t current_flags); +bool btd_device_all_services_allowed(struct btd_device *dev); +void btd_device_update_allowed_services(struct btd_device *dev); void btd_device_init(void); void btd_device_cleanup(void); From patchwork Thu Jul 29 12:27:42 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 488866 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-21.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 479E4C4338F for ; Thu, 29 Jul 2021 12:28:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2982260F02 for ; Thu, 29 Jul 2021 12:28:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237047AbhG2M2Z (ORCPT ); Thu, 29 Jul 2021 08:28:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59842 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237089AbhG2M2Y (ORCPT ); Thu, 29 Jul 2021 08:28:24 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F2005C0613C1 for ; Thu, 29 Jul 2021 05:28:20 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id j9-20020a2581490000b02905897d81c63fso1014738ybm.8 for ; Thu, 29 Jul 2021 05:28:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=L6lNNaSX6qQORZqT2VoBUMM9LUS7LaDIzlSN+vZ3p6I=; b=GMCnMOCRaAO7Za/aFmII2fUUSdrjgf6nkctSrs0AV0SllUrTuFvhahUbqIyc+W9Nz4 7ZRfxK+xIPb4SEgERTEevHRfi0lfgycgW/kp2/3LElPo0kEHNU2BFFsAsPKT7mNHVxVN OEBtGbi5GAdPCGWRRgcnXwrKyguqvH0bA4IafZfc3hBU+8rrZomEoHeBLOVbB0a9amn+ O1D6BRUyZhyyNqzQ+hK/piHJeZK5LqQvWyuBAll2EYWqKJrhFvzqEp+7ZRmvvauVGUB5 xalWOaSpMNbrW/Z7obmDGzty1HanDTB5MYKXh4M2EaFCl3ie+WshIdPPU0ieEmF/vt6g oNkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=L6lNNaSX6qQORZqT2VoBUMM9LUS7LaDIzlSN+vZ3p6I=; b=osK93m97Lu9jYZ6ovc8mi+jWp8mb6GAGladOd534TsKOfpqEbSKTAlW9XSU9bFxZGX 1VYYvM/ubnkPTWd8A8oTx+eombIlR2Jt0XQGRorKtBXgqmq+YQhtF7XAa6PG1K7fsp5i RFCq+ODfzJxG5M4ReH5WMHCx6U3Ya3jGYW7r1nFTfGFmICJLOxgqqeE5cX6KbkUJJblC 6CC55wknkt6z2R8j2hi/enBGILF8HgdbYftjoq7tvdGTeM00sNjK2tqFMA3hjJQeiA7v 62KHwfQsHAGEqxxOoYE/PN0ZaTbG8efnIfwXJswMvoxDgUJZ+rUZgy0GVQQvudH7Cv6r v5CA== X-Gm-Message-State: AOAM5332F8lan7Wv5Of3fJD+Fbxq2mBqVnSNePzo++VvVvwmI3u0GW2q VTAMolMZpevCgZu9+ewsE11B3G2gNXwAERpDqNFcT/pFANKzB5G7gkL1uLizQ5G2pY4pXxQyktX lU8B1OlnvSwuJdxbW0mevsPIur1UBT7kpBdpVjUc4X64ezMY4/U+Mk7kjalHnsqnHrBcyOvOb2s 5rytKGcTMQDmM= X-Google-Smtp-Source: ABdhPJx6OQbn7Qt8uMKvsNgIQvZYnd3zKkJR2utbw3ynber2PB2qmhKbum9LCFMho3B5YekZLzMaNX2L6hFjvqO5Ew== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ff72:1420:4502:fdaf]) (user=howardchung job=sendgmr) by 2002:a25:ac64:: with SMTP id r36mr6282842ybd.369.1627561700132; Thu, 29 Jul 2021 05:28:20 -0700 (PDT) Date: Thu, 29 Jul 2021 20:27:42 +0800 In-Reply-To: <20210729122751.3728885-1-howardchung@google.com> Message-Id: <20210729202648.Bluez.v6.4.Ia4dc489979e4bf7ffa3421199b1b9fd8d7f00bbc@changeid> Mime-Version: 1.0 References: <20210729122751.3728885-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v6 04/13] core: block not allowed UUID connect in auth From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This ensures any incoming profile connection will be blocked if its UUID is not allowed by the following assumption: 1. Each system profile asks adapter authorization when seeing a incoming connection. 2. Each external profile checks if its UUID is allowed by adapter when seeing a incoming connection. --- The following test steps were performed after enabling admin plugin: 1. Set ServiceAllowList to ["1234"]. 2. Turn on a paired classic keyboard. Verify it can not be connected. 3. Set ServiceAllowList to ["1800","1801","180A","180F","1812"] 4. Turn off and turn on the keyboard. Verift it can be connected. (no changes since v1) src/adapter.c | 5 +++++ src/profile.c | 11 +++++++++++ 2 files changed, 16 insertions(+) diff --git a/src/adapter.c b/src/adapter.c index c7fe27d19a5d..6c8096147bdd 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -7118,6 +7118,11 @@ static gboolean process_auth_queue(gpointer user_data) if (auth->svc_id > 0) return FALSE; + if (!btd_adapter_is_uuid_allowed(adapter, auth->uuid)) { + auth->cb(&err, auth->user_data); + goto next; + } + if (device_is_trusted(device) == TRUE) { auth->cb(NULL, auth->user_data); goto next; diff --git a/src/profile.c b/src/profile.c index 60d17b6ae657..e1bebf1ee19c 100644 --- a/src/profile.c +++ b/src/profile.c @@ -1249,6 +1249,11 @@ static void ext_confirm(GIOChannel *io, gpointer user_data) DBG("incoming connect from %s", addr); + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) { + info("UUID %s is not allowed. Igoring the connection", uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return; @@ -1272,6 +1277,7 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) struct ext_profile *ext = server->ext; GError *gerr = NULL; struct ext_io *conn; + const char *uuid = ext->service ? ext->service : ext->uuid; bdaddr_t src, dst; bt_io_get(io, &gerr, @@ -1285,6 +1291,11 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) return; } + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) { + info("UUID %s is not allowed. Igoring the connection", uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return; From patchwork Thu Jul 29 12:27:44 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 488865 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4289AC4338F for ; Thu, 29 Jul 2021 12:28:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2A95A60ED4 for ; Thu, 29 Jul 2021 12:28:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236927AbhG2M2f (ORCPT ); Thu, 29 Jul 2021 08:28:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59894 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236976AbhG2M2e (ORCPT ); Thu, 29 Jul 2021 08:28:34 -0400 Received: from mail-qk1-x74a.google.com (mail-qk1-x74a.google.com [IPv6:2607:f8b0:4864:20::74a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EA16EC061765 for ; Thu, 29 Jul 2021 05:28:30 -0700 (PDT) Received: by mail-qk1-x74a.google.com with SMTP id u22-20020ae9c0160000b02903b488f9d348so3702377qkk.20 for ; Thu, 29 Jul 2021 05:28:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=mDdEFCjpHD/uWglCa7g2e7wWzLT0QoSSZnVpKWZCPo4=; b=AyXyOWfBN7ZM6tBAQpok+eKjmCT++RGqnUTSOzcKp5APcOjqxsoiZVp9QDlW4O6/ne 2WderqJU2PEEra8xg9gpYCfg58OWldSofqLqh7rOUsnji7HZ6B3T5f3G4OWB8MwTy+Pk Im5c3/hV69W9/e2IGIda89KsX3rMUJrVwroK40y3hcxNqnHFb0YZJ/rgF9lrJAQN+ftq XvMSrN+N9GJQFu7quBHy+HUWThgAjrgteonZuvO1Y2LSgNVhBlLaLZ7/cyfSoX+dDf2R o4Y5e8Kms+3zxkd6kVlk2es1KgQTjUh2wtfHuuA4UjNU3F8uJlSW3K5bZROeqngqIvRf Jlqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=mDdEFCjpHD/uWglCa7g2e7wWzLT0QoSSZnVpKWZCPo4=; b=h1Vg8Ymvp54dAt1XipTSMtUgKi8KREJ6wTzkEQwcW032A3XWo631vULKm3H1WpDgN5 okBdgbFsaNYPB/CSq/jEmYGAw7J6FIE00teTPuiZ7shnBxBMTuUUzXVQgoAQYkKX137g Ispuio29YHDCFLvtMfrBmYwYw4UwswtMG3IBu60SCPCIAXSRCUCOHSlMsgK1CdbgrN35 xl7JgTK6dCfomAMwfbh+muZTmRHdQtlDCRmBXBRInht0thek4y16xzAVmWERzInZ2y0S XE7j0diIFqROIKdTIm1nb98prqmYwp0Ppt7d4C3AhAgcVTuQo4kX4CUOnB6zgFqtM0+R t0Hw== X-Gm-Message-State: AOAM531btjeIsaDVcVhtlHJUAu24jFgjv5uGcZxsJJ6KruE5PA4fo2CK 2JNDeG5qmIfS0niUt57FTb1dFP0jB9nsf0vvqTaEB5i3dZsuCaN7jHnsK6OVrCd5BPI0tXcHA8Q +oS28EH7h7WJTr3xM33EpZ4iYEDuXH+gafgjofGrluoqPcjPLSJ1RHlkMFx81IUfWS+N09+oQnK ddfRZqU0cAROk= X-Google-Smtp-Source: ABdhPJzpoGwaknHTjMZC7T9pwoZVi/YqD3mOEQ56jfwe60QQD5fNaEDLNOjJ9RjiHkVHx+LrDBKNi/0e80uRkdqnRw== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ff72:1420:4502:fdaf]) (user=howardchung job=sendgmr) by 2002:a0c:fbd1:: with SMTP id n17mr5013725qvp.19.1627561710030; Thu, 29 Jul 2021 05:28:30 -0700 (PDT) Date: Thu, 29 Jul 2021 20:27:44 +0800 In-Reply-To: <20210729122751.3728885-1-howardchung@google.com> Message-Id: <20210729202648.Bluez.v6.6.Id0842634d98a21fbdfa5cc72c76a462a98bf6f40@changeid> Mime-Version: 1.0 References: <20210729122751.3728885-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v6 06/13] plugins: new plugin From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds an initial code for a new plugin admin. Reviewed-by: Miao-chen Chou --- (no changes since v1) Makefile.plugins | 5 +++++ bootstrap-configure | 1 + configure.ac | 4 ++++ plugins/admin.c | 30 ++++++++++++++++++++++++++++++ 4 files changed, 40 insertions(+) create mode 100644 plugins/admin.c diff --git a/Makefile.plugins b/Makefile.plugins index 4e6a72b0bdf6..69fb01001cc6 100644 --- a/Makefile.plugins +++ b/Makefile.plugins @@ -11,6 +11,11 @@ builtin_sources += plugins/autopair.c builtin_modules += policy builtin_sources += plugins/policy.c +if ADMIN +builtin_modules += admin +builtin_sources += plugins/admin.c +endif + if NFC builtin_modules += neard builtin_sources += plugins/neard.c diff --git a/bootstrap-configure b/bootstrap-configure index 0efd83abc2c4..a34be832068e 100755 --- a/bootstrap-configure +++ b/bootstrap-configure @@ -30,4 +30,5 @@ fi --enable-pie \ --enable-cups \ --enable-library \ + --enable-admin \ --disable-datafiles $* diff --git a/configure.ac b/configure.ac index a5afaea6cfcd..0744860b89fb 100644 --- a/configure.ac +++ b/configure.ac @@ -364,6 +364,10 @@ AC_ARG_ENABLE(logger, AC_HELP_STRING([--enable-logger], [enable HCI logger service]), [enable_logger=${enableval}]) AM_CONDITIONAL(LOGGER, test "${enable_logger}" = "yes") +AC_ARG_ENABLE(admin, AC_HELP_STRING([--enable-admin], + [enable admin policy plugin]), [enable_admin=${enableval}]) +AM_CONDITIONAL(ADMIN, test "${enable_admin}" = "yes") + if (test "${prefix}" = "NONE"); then dnl no prefix and no localstatedir, so default to /var if (test "$localstatedir" = '${prefix}/var'); then diff --git a/plugins/admin.c b/plugins/admin.c new file mode 100644 index 000000000000..42866bcf7be2 --- /dev/null +++ b/plugins/admin.c @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: LGPL-2.1-or-later +/* + * + * BlueZ - Bluetooth protocol stack for Linux + * + * Copyright (C) 2021 Google LLC + * + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "src/log.h" +#include "src/plugin.h" + +static int admin_init(void) +{ + DBG(""); +} + +static void admin_exit(void) +{ + DBG(""); +} + +BLUETOOTH_PLUGIN_DEFINE(admin, VERSION, + BLUETOOTH_PLUGIN_PRIORITY_DEFAULT, + admin_init, admin_exit) From patchwork Thu Jul 29 12:27:46 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 488864 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1632BC4338F for ; Thu, 29 Jul 2021 12:28:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F1F7260F02 for ; Thu, 29 Jul 2021 12:28:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237099AbhG2M2p (ORCPT ); Thu, 29 Jul 2021 08:28:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59946 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236942AbhG2M2p (ORCPT ); Thu, 29 Jul 2021 08:28:45 -0400 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 26AFAC061765 for ; Thu, 29 Jul 2021 05:28:41 -0700 (PDT) Received: by mail-pj1-x104a.google.com with SMTP id f1-20020a17090a8e81b029017720af1cf6so6290601pjo.9 for ; Thu, 29 Jul 2021 05:28:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=+YRk0e87Fy4+hULeH4RsY+6kkkKU8k2ny1F7i1QOpA0=; b=tSFxuGQdNoVdUcVNpvyUYv5LfRYz5tAALEw+bB5cWqRIKO9UfX1MkkPxWCjJgBI5Gg b+OCAsyYpCqDs0HpNOYllPUYkC5eXlOC+m7UwDL2lhWfH8gY3DFcldhkiJ12xe74SbfN kFuNtzJAaTGkw8mI3//ipjZx5e7r3MGa9n1c/7KkvClLP2KYO3/IFFJRzFlT8gBN5bSo quVnzSHOpQ7LzyjOrwdJQZJofgjsexqqXxPvRNOYWgsOkBFcW6FjI9e0OQ3UmwpBD+JA kV8otrVsJ6BylChp12z2NT643TNxwnzlNkab3LGpgKF/7mESPR2i4PRVZE/Il2zDH3GM vT5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=+YRk0e87Fy4+hULeH4RsY+6kkkKU8k2ny1F7i1QOpA0=; b=S+1ei4AHrqZZ5CcV3xubF+RA9cTmgguVdMnt76Vd0mZZh5Kx+uRLz07p6QrRnrhSRV gjbZhJ1ohjHNsFnEPXifq4eFhh4HcYBCXYIDSyWe21YTCBfWOnRo7bU8KgozkLNIxz4s ZwKuwWjJtgn3fPO2LgujfmMVckuYcJFbLk/PicX67vt8i+UuTsgpsReu+8Wvz3VeFDJh fLZMhYakADO/SZJVeeG/GEWGEXIW3H8JKbHpOMjL1LBbdVPeFYGzFfNq7rWKNsbmjO0r 3LoDyaBRJqB7DFDvqC9neJGOsIycN2jbHZOFNopzUxvGldB3XMbpme4LBh/gcp1SeFLH MQuQ== X-Gm-Message-State: AOAM531wblcjFsB0vlZEPNOuAEiOhMzH7AZqwyZKWzvTwY/BGtyOl5Vw 9MYUWmkRSEOK2ekoSgVB6kqyOk7mMhhbod49TW8lZ+3dcueBjbzpRGMlFqCtz/jXcJUSKQQiNcQ iTPpI3lLsdCAfsNjFw6pktXxgjiZi9bj2ZeP8dK328k3T0y7Jpm5EQ/nx0GmF1DQCOPNw5J1Kan tVQol7YYzRLjo= X-Google-Smtp-Source: ABdhPJzCoaY6oy+3swyu1UTNDYAhYhwPXSTFC7lg+1L4GbJgaumHuFdqY9V2x5pKSGI/PTTdG9TcJLgzxxTCFEMKkA== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ff72:1420:4502:fdaf]) (user=howardchung job=sendgmr) by 2002:a17:90a:d3ca:: with SMTP id d10mr14866927pjw.35.1627561720493; Thu, 29 Jul 2021 05:28:40 -0700 (PDT) Date: Thu, 29 Jul 2021 20:27:46 +0800 In-Reply-To: <20210729122751.3728885-1-howardchung@google.com> Message-Id: <20210729202648.Bluez.v6.8.Ifbb69dd6e371da3a914049a94615064479b9024b@changeid> Mime-Version: 1.0 References: <20210729122751.3728885-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v6 08/13] plugins/admin: add ServiceAllowList method From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds code to register interface org.bluez.AdminPolicySet1. The interface will provide methods to limit users to operate certain functions of bluez, such as allow/disallow user to taggle adapter power, or only allow users to connect services in the specified list, etc. This patch also implements ServiceAllowlist in org.bluez.AdminPolicySet1. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowList to ["1108","110A","110B","110C","110D","110E", "110F","1112","111E","111F","1203"] ( users are only allowed to connect headset ) 2. Turn on paired WF1000XM3, and listen music on Youtube. 3. Turn on paired K830 (LE device), press any key on keyboard. 4. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard. 5. Set ServiceAllowList to ["1124","180A","180F","1812"] ( users are only allowed to connect HID devices ) 6. Turn on paired WF1000XM3, and listen music on Youtube. 7. Turn on paired K830 (LE device), press any key on keyboard. 8. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard. 9. Set ServiceAllowList to [] ( users are only allowed to connect any device. ) 10. Turn on paired WF1000XM3, and listen music on Youtube. 11. Turn on paired K830 (LE device), press any key on keyboard. 12. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device), press any key on keyboard. Expected results: Step 2,7,8,9,10,11 should success, and step 3,4,6 should fail. (no changes since v1) plugins/admin.c | 127 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 126 insertions(+), 1 deletion(-) diff --git a/plugins/admin.c b/plugins/admin.c index 923e08cb836b..1fe2904d93d9 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -12,19 +12,29 @@ #include #endif +#include +#include + #include "lib/bluetooth.h" +#include "lib/uuid.h" #include "src/adapter.h" +#include "src/dbus-common.h" #include "src/error.h" #include "src/log.h" #include "src/plugin.h" #include "src/shared/queue.h" +#define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" + +static DBusConnection *dbus_conn; + /* |policy_data| has the same life cycle as btd_adapter */ static struct btd_admin_policy { struct btd_adapter *adapter; uint16_t adapter_id; + struct queue *service_allowlist; } *policy_data = NULL; static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) @@ -40,19 +50,120 @@ static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) admin_policy->adapter = adapter; admin_policy->adapter_id = btd_adapter_get_index(adapter); + admin_policy->service_allowlist = NULL; return admin_policy; } +static void free_service_allowlist(struct queue *q) +{ + queue_destroy(q, g_free); +} + static void admin_policy_free(void *data) { struct btd_admin_policy *admin_policy = data; + free_service_allowlist(admin_policy->service_allowlist); g_free(admin_policy); } +static struct queue *parse_allow_service_list(struct btd_adapter *adapter, + DBusMessage *msg) +{ + DBusMessageIter iter, arr_iter; + struct queue *uuid_list = NULL; + + dbus_message_iter_init(msg, &iter); + if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) + return NULL; + + uuid_list = queue_new(); + dbus_message_iter_recurse(&iter, &arr_iter); + do { + const int type = dbus_message_iter_get_arg_type(&arr_iter); + char *uuid_param; + bt_uuid_t *uuid; + + if (type == DBUS_TYPE_INVALID) + break; + + if (type != DBUS_TYPE_STRING) + goto failed; + + dbus_message_iter_get_basic(&arr_iter, &uuid_param); + + uuid = g_try_malloc(sizeof(*uuid)); + if (!uuid) + goto failed; + + if (bt_string_to_uuid(uuid, uuid_param)) { + g_free(uuid); + goto failed; + } + + queue_push_head(uuid_list, uuid); + + dbus_message_iter_next(&arr_iter); + } while (true); + + return uuid_list; + +failed: + queue_destroy(uuid_list, g_free); + return NULL; +} + +static bool service_allowlist_set(struct btd_admin_policy *admin_policy, + struct queue *uuid_list) +{ + struct btd_adapter *adapter = admin_policy->adapter; + + if (!btd_adapter_set_allowed_uuids(adapter, uuid_list)) + return false; + + free_service_allowlist(admin_policy->service_allowlist); + admin_policy->service_allowlist = uuid_list; + + return true; +} + +static DBusMessage *set_service_allowlist(DBusConnection *conn, + DBusMessage *msg, void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + struct btd_adapter *adapter = admin_policy->adapter; + struct queue *uuid_list = NULL; + const char *sender = dbus_message_get_sender(msg); + + DBG("sender %s", sender); + + /* Parse parameters */ + uuid_list = parse_allow_service_list(adapter, msg); + if (!uuid_list) { + btd_error(admin_policy->adapter_id, + "Failed on parsing allowed service list"); + return btd_error_invalid_args(msg); + } + + if (!service_allowlist_set(admin_policy, uuid_list)) { + free_service_allowlist(uuid_list); + return btd_error_failed(msg, "service_allowlist_set failed"); + } + + return dbus_message_new_method_return(msg); +} + +static const GDBusMethodTable admin_policy_adapter_methods[] = { + { GDBUS_METHOD("SetServiceAllowList", GDBUS_ARGS({ "UUIDs", "as" }), + NULL, set_service_allowlist) }, + { } +}; + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { + const char *adapter_path; + if (policy_data) { btd_warn(policy_data->adapter_id, "Policy data already exists"); @@ -64,8 +175,20 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) if (!policy_data) return -ENOMEM; - btd_info(policy_data->adapter_id, "Admin Policy has been enabled"); + adapter_path = adapter_get_path(adapter); + if (!g_dbus_register_interface(dbus_conn, adapter_path, + ADMIN_POLICY_SET_INTERFACE, + admin_policy_adapter_methods, NULL, + NULL, policy_data, admin_policy_free)) { + btd_error(policy_data->adapter_id, + "Admin Policy Set interface init failed on path %s", + adapter_path); + return -EINVAL; + } + + btd_info(policy_data->adapter_id, + "Admin Policy Set interface registered"); return 0; } @@ -79,6 +202,8 @@ static int admin_init(void) { DBG(""); + dbus_conn = btd_get_dbus_connection(); + return btd_register_adapter_driver(&admin_policy_driver); } From patchwork Thu Jul 29 12:27:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 488863 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.5 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, UNWANTED_LANGUAGE_BODY, URIBL_BLOCKED, USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16E51C4338F for ; Thu, 29 Jul 2021 12:28:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0078760ED4 for ; Thu, 29 Jul 2021 12:28:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237139AbhG2M24 (ORCPT ); Thu, 29 Jul 2021 08:28:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237112AbhG2M2z (ORCPT ); Thu, 29 Jul 2021 08:28:55 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12C75C061765 for ; Thu, 29 Jul 2021 05:28:52 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id w200-20020a25c7d10000b02905585436b530so6524993ybe.21 for ; Thu, 29 Jul 2021 05:28:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=8kh0kYIyDfN7IZp2L3gpiT2YN98Q7N2b0Om3iMdzQt4=; b=egSqmb+0d2nx4/8GqElZGbFgwzqQ3LBuISQSZiHRUrrAC50O41qcgjgdXphe1dzQoV R9iey86P05exbGuwizC+VtGLgtWNFJK16afxAMjw3I2hlwLwp9WJu1IF/d+hz7U2x3oW MGOw1YVFbjncAyBZXkPV5KrAyi6nBW/Tw4oo82OT+4qbEM7n9ZF8O87//nrWdg5IaKBe Bpzm84pOkvy49SrlxU9fHA0tXPCK4xfk1Em/Q8R4RaVVsyelaJqUChw3LEqmk15FUC9N bBdVHiqptBQa5U2v0Zwxzbu1GqF3KINVoN2gCPFx4jEV4uFJ050lYKlqcsxWrJdCiyMw e7Xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=8kh0kYIyDfN7IZp2L3gpiT2YN98Q7N2b0Om3iMdzQt4=; b=pIa/7rHGFArWGwxu3aJ6+BZt62otLmRwzQnHUg+xxxSoBGYlMd1kePYZDybSm1D7+1 NuQuyPfMGF2cT9dVmw99Bj2gxBigUs6RigsSbLpwgFtOdgQSk/041ygG+xvpKh8AsQyp rZF9zcCibogP2QzPmPP15w+Kt/gqlbOIlRwP7VuiYWr/0LwfI10zDYhSplDSuxAMRY5V B/OTo1epBkwTqt/OwGemEovuSJ3gEdjDOkJSA7qd6XMrsIYbVpcQhcxeMLmfy81QMeWk pUEtrey5+kDUGGJtm+0iBuqYVeFaz39cDogIkAH1aP9t926JGTzIg6fdPckLuBjb32Dz NYbw== X-Gm-Message-State: AOAM532VKJz9sqiT6APwc+MEnKVuTtJoSAC+HWtZy5I2AIelk7L7T0dg x0Fxv5X1w7ojXD7ui6DjKozA+L30WXrIeROSwbocFS0ZqpZByN2uzX/BTmURULkybRUy+GGCrNe ChGxL/khPcGUaMVn5G1n8Pb+XScM1DcLIVwRA7fxkZDO06+NPmUJQY1O3bUq1eeLefzKOEohbL9 xaOfGWRcXEd+Y= X-Google-Smtp-Source: ABdhPJyg8PIpWsgB4ROWZY8z9OdVmh2Ji1KpGJn9C1kkoEm6nkfaQ7nfH6UPq/ud40kmh2onIDvwDVqSim1kO0Qk1A== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ff72:1420:4502:fdaf]) (user=howardchung job=sendgmr) by 2002:a25:aa6a:: with SMTP id s97mr6117812ybi.313.1627561731205; Thu, 29 Jul 2021 05:28:51 -0700 (PDT) Date: Thu, 29 Jul 2021 20:27:48 +0800 In-Reply-To: <20210729122751.3728885-1-howardchung@google.com> Message-Id: <20210729202648.Bluez.v6.10.I517e5199ac8019b770c7ee8c92a294ec1c752748@changeid> Mime-Version: 1.0 References: <20210729122751.3728885-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v6 10/13] plugins/admin: add device callbacks From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds callbacks for device added and device removed. It is necessary for implementation of "AffectedByPolicy" property since it needs to register an interface for each device object and unregister it once the device gets removed. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. start discovery using UI 2. verify device_data were added by checking system log 3. stop discovery 4. verify device_data were removed after a few seconds by checking system log (no changes since v1) plugins/admin.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/plugins/admin.c b/plugins/admin.c index d89a77c8a123..37dae77ac448 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -20,6 +20,7 @@ #include "src/adapter.h" #include "src/dbus-common.h" +#include "src/device.h" #include "src/error.h" #include "src/log.h" #include "src/plugin.h" @@ -29,7 +30,11 @@ #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" #define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" +#define DBUS_BLUEZ_SERVICE "org.bluez" +#define BTD_DEVICE_INTERFACE "org.bluez.Device1" + static DBusConnection *dbus_conn; +static struct queue *devices; /* List of struct device_data objects */ /* |policy_data| has the same life cycle as btd_adapter */ static struct btd_admin_policy { @@ -38,6 +43,11 @@ static struct btd_admin_policy { struct queue *service_allowlist; } *policy_data = NULL; +struct device_data { + struct btd_device *device; + char *path; +}; + static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) { struct btd_admin_policy *admin_policy = NULL; @@ -203,6 +213,37 @@ static const GDBusPropertyTable admin_policy_adapter_properties[] = { { } }; +static bool device_data_match(const void *a, const void *b) +{ + const struct device_data *data = a; + const struct btd_device *dev = b; + + if (!data) { + error("Unexpected NULL device_data"); + return false; + } + + return data->device == dev; +} + +static void free_device_data(void *data) +{ + struct device_data *device_data = data; + + g_free(device_data->path); + g_free(device_data); +} + +static void remove_device_data(void *data) +{ + struct device_data *device_data = data; + + DBG("device_data for %s removing", device_data->path); + + queue_remove(devices, device_data); + free_device_data(device_data); +} + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { const char *adapter_path; @@ -250,10 +291,45 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) return 0; } +static void admin_policy_device_added(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct device_data *data; + + if (queue_find(devices, device_data_match, device)) + return; + + data = g_new0(struct device_data, 1); + if (!data) { + btd_error(btd_adapter_get_index(adapter), + "Failed to allocate memory for device_data"); + return; + } + + data->device = device; + data->path = g_strdup(device_get_path(device)); + queue_push_tail(devices, data); + + DBG("device_data for %s added", data->path); +} + +static void admin_policy_device_removed(struct btd_adapter *adapter, + struct btd_device *device) +{ + struct device_data *data; + + data = queue_find(devices, device_data_match, device); + + if (data) + remove_device_data(data); +} + static struct btd_adapter_driver admin_policy_driver = { .name = "admin_policy", .probe = admin_policy_adapter_probe, .resume = NULL, + .device_added = admin_policy_device_added, + .device_removed = admin_policy_device_removed }; static int admin_init(void) @@ -261,6 +337,7 @@ static int admin_init(void) DBG(""); dbus_conn = btd_get_dbus_connection(); + devices = queue_new(); return btd_register_adapter_driver(&admin_policy_driver); } @@ -270,6 +347,7 @@ static void admin_exit(void) DBG(""); btd_unregister_adapter_driver(&admin_policy_driver); + queue_destroy(devices, free_device_data); if (policy_data) admin_policy_free(policy_data); From patchwork Thu Jul 29 12:27:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Howard Chung X-Patchwork-Id: 488862 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.5 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, UNWANTED_LANGUAGE_BODY, URIBL_BLOCKED, USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8BA0CC4338F for ; Thu, 29 Jul 2021 12:29:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 76F7260F02 for ; Thu, 29 Jul 2021 12:29:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237209AbhG2M3H (ORCPT ); Thu, 29 Jul 2021 08:29:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60056 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237112AbhG2M3G (ORCPT ); Thu, 29 Jul 2021 08:29:06 -0400 Received: from mail-qk1-x74a.google.com (mail-qk1-x74a.google.com [IPv6:2607:f8b0:4864:20::74a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F3C97C061765 for ; Thu, 29 Jul 2021 05:29:02 -0700 (PDT) Received: by mail-qk1-x74a.google.com with SMTP id c3-20020a05620a0ce3b02903b8eff05707so3129288qkj.5 for ; Thu, 29 Jul 2021 05:29:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=jBkhQ2uYe84K1xkjEXWDQaa9uaP7sg8rDmJHv7TS0ug=; b=pTbREdCA4x/sgZmVCc/H024z/drV4ehoyyXPndddzt9W6WIiShWMuKql+BWhvJk4kE fJ1gKfTzrBbZOtwjSZrdWSB5JEXFzj48a5NqStX3UIEeu5TXl81vH+Fapsvwm1c4jqfK KOyEXxYf3Dfcfq4GhbZNjCIWzBlnOmBxJwHVqWD3sMo36OsyqAQW1XrN+qYbDVbRjjGa 5E2okDGcba5h7Mk04hHz0/ut+E1SE+LdJSCykn7CzdGHBIWkRdT778EN8aPe6NgNJBRr p72jQYsJBKphCfl26MwscbSPdudJtisY8iQywR3Oi0WYYq6hmvrRzBFllGj+fa8IgLbp z7zg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=jBkhQ2uYe84K1xkjEXWDQaa9uaP7sg8rDmJHv7TS0ug=; b=l3VAH6jQo4Peb8hAos836As0YYfy8ryppMLvrse2nus9cXOHRNggOJBqBi7pf+Azgj T3DfEIR/FGBIJ0335a7i6fshhyK/916/d59ey3KTCQ4EggpPHdaZfDJhWNdkL6BAyTUh GSEwNrDDRFTUAWoo9gWEQJWUZSjbSlJeoQXybZbBLIacP3fX5TtmY8mWr0c0bIJGR7ih 1uXPjqvhs/4/aa7gI09D3SaT2I5WgU24WiXa785kiVD6LL2WkKLQxZMI0eLmQtdVafXg vj9n5PYat3/tqO69KuMsD72t3z64ux2fWqXjzEPmE5UebiurJLKeNNCc+L//pCaS2zFx gqCw== X-Gm-Message-State: AOAM5315iG1Wm0Rm6M4BxHOt3kbIK3ne9pZkXK3ECqfweaKRhmjVkOff dclA6L8pyNfX24uKSuscPa6KRINEM26FM4Hg6rYqjyIfWxFXaeMsOgsZRliZZPA4VWUhGVNB9VV ZOh8RPGEDgr08TNVz298ntX8kuCL5thuCKoinFdzcUXuS4jb/0GrxGy3ZfmkkXjhUud3+wAtjOr IW65F8ZMYc3B4= X-Google-Smtp-Source: ABdhPJwR8IjR6IJYKEoDobiaoVVdpAU8wQ0FuawTF2iforRlGpmpZEsrNN+D5KM4B360tw55wDzifAZKYCJllPjuwA== X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ff72:1420:4502:fdaf]) (user=howardchung job=sendgmr) by 2002:a05:6214:29c7:: with SMTP id gh7mr4919513qvb.36.1627561742016; Thu, 29 Jul 2021 05:29:02 -0700 (PDT) Date: Thu, 29 Jul 2021 20:27:50 +0800 In-Reply-To: <20210729122751.3728885-1-howardchung@google.com> Message-Id: <20210729202648.Bluez.v6.12.Ib26c0abdbd417673a8b5788c175c06110726a68c@changeid> Mime-Version: 1.0 References: <20210729122751.3728885-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.554.ge1b32706d8-goog Subject: [Bluez PATCH v6 12/13] plugins/admin: persist policy settings From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds code to store the ServiceAllowlist to file /var/lib/bluetooth/{MAC_ADDR}/admin_policy The stored settings will be loaded upon admin_policy initialized. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowlist to ["1124","180A","180F","1812", "1801"] 2. restart bluetoothd 3. Verify ServiceAllowlist is ["1124","180A","180F","1812","1801"] in UUID-128 form 4. Set ServiceAllowlist to [] 5. restart bluetoothd 6. Verify ServiceAllowlist is [] (no changes since v1) plugins/admin.c | 169 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 167 insertions(+), 2 deletions(-) diff --git a/plugins/admin.c b/plugins/admin.c index 653195a0e20b..8e6549ea8020 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -14,6 +14,9 @@ #include #include +#include +#include +#include #include "lib/bluetooth.h" #include "lib/uuid.h" @@ -24,11 +27,13 @@ #include "src/error.h" #include "src/log.h" #include "src/plugin.h" +#include "src/textfile.h" #include "src/shared/queue.h" #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" #define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" +#define ADMIN_POLICY_STORAGE STORAGEDIR "/admin_policy_settings" #define DBUS_BLUEZ_SERVICE "org.bluez" #define BTD_DEVICE_INTERFACE "org.bluez.Device1" @@ -161,6 +166,8 @@ static void update_device_affected(void *data, void *user_data) ADMIN_POLICY_STATUS_INTERFACE, "AffectedByPolicy"); } +static void store_policy_settings(struct btd_admin_policy *admin_policy); + static DBusMessage *set_service_allowlist(DBusConnection *conn, DBusMessage *msg, void *user_data) { @@ -179,7 +186,9 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, return btd_error_invalid_args(msg); } - if (!service_allowlist_set(admin_policy, uuid_list)) { + if (service_allowlist_set(admin_policy, uuid_list)) { + store_policy_settings(admin_policy); + } else { free_service_allowlist(uuid_list); return btd_error_failed(msg, "service_allowlist_set failed"); } @@ -200,7 +209,7 @@ static const GDBusMethodTable admin_policy_adapter_methods[] = { { } }; -void append_service_uuid(void *data, void *user_data) +static void append_service_uuid(void *data, void *user_data) { bt_uuid_t *uuid = data; DBusMessageIter *entry = user_data; @@ -237,6 +246,161 @@ static const GDBusPropertyTable admin_policy_adapter_properties[] = { { } }; +static void free_uuid_strings(char **uuid_strs, gsize num) +{ + gsize i; + + for (i = 0; i < num; i++) + g_free(uuid_strs[i]); + g_free(uuid_strs); +} + +static char **new_uuid_strings(struct queue *allowlist, gsize *num) +{ + const struct queue_entry *entry = NULL; + bt_uuid_t *uuid = NULL; + char **uuid_strs = NULL; + gsize i = 0, allowlist_num; + + /* Set num to a non-zero number so that whoever call this could know if + * this function success or not + */ + *num = 1; + + allowlist_num = queue_length(allowlist); + uuid_strs = g_try_malloc_n(allowlist_num, sizeof(char *)); + if (!uuid_strs) + return NULL; + + for (entry = queue_get_entries(allowlist); entry != NULL; + entry = entry->next) { + uuid = entry->data; + uuid_strs[i] = g_try_malloc0(MAX_LEN_UUID_STR * sizeof(char)); + + if (!uuid_strs[i]) + goto failed; + + bt_uuid_to_string(uuid, uuid_strs[i], MAX_LEN_UUID_STR); + i++; + } + + *num = allowlist_num; + return uuid_strs; + +failed: + free_uuid_strings(uuid_strs, i); + + return NULL; +} + +static void store_policy_settings(struct btd_admin_policy *admin_policy) +{ + GKeyFile *key_file = NULL; + char *filename = ADMIN_POLICY_STORAGE; + char *key_file_data = NULL; + char **uuid_strs = NULL; + gsize length, num_uuids; + + key_file = g_key_file_new(); + + uuid_strs = new_uuid_strings(admin_policy->service_allowlist, + &num_uuids); + + if (!uuid_strs && num_uuids) { + btd_error(admin_policy->adapter_id, + "Failed to allocate uuid strings"); + goto failed; + } + + g_key_file_set_string_list(key_file, "General", "ServiceAllowlist", + (const gchar * const *)uuid_strs, + num_uuids); + + if (create_file(ADMIN_POLICY_STORAGE, 0600) < 0) { + btd_error(admin_policy->adapter_id, "create %s failed, %s", + filename, strerror(errno)); + goto failed; + } + + key_file_data = g_key_file_to_data(key_file, &length, NULL); + g_file_set_contents(ADMIN_POLICY_STORAGE, key_file_data, length, NULL); + + g_free(key_file_data); + free_uuid_strings(uuid_strs, num_uuids); + +failed: + g_key_file_free(key_file); +} + +static void key_file_load_service_allowlist(GKeyFile *key_file, + struct btd_admin_policy *admin_policy) +{ + GError *gerr = NULL; + struct queue *uuid_list = NULL; + gchar **uuids = NULL; + gsize num, i; + + uuids = g_key_file_get_string_list(key_file, "General", + "ServiceAllowlist", &num, &gerr); + + if (gerr) { + btd_error(admin_policy->adapter_id, + "Failed to load ServiceAllowlist"); + g_error_free(gerr); + return; + } + + uuid_list = queue_new(); + for (i = 0; i < num; i++) { + bt_uuid_t *uuid = g_try_malloc(sizeof(*uuid)); + + if (!uuid) + goto failed; + + if (bt_string_to_uuid(uuid, *uuids)) { + + btd_error(admin_policy->adapter_id, + "Failed to convert '%s' to uuid struct", + *uuids); + + g_free(uuid); + goto failed; + } + + queue_push_tail(uuid_list, uuid); + uuids++; + } + + if (!service_allowlist_set(admin_policy, uuid_list)) + goto failed; + + return; +failed: + free_service_allowlist(uuid_list); +} + +static void load_policy_settings(struct btd_admin_policy *admin_policy) +{ + GKeyFile *key_file; + char *filename = ADMIN_POLICY_STORAGE; + struct stat st; + + if (stat(filename, &st) < 0) { + btd_error(admin_policy->adapter_id, + "Failed to get file %s information", + filename); + return; + } + + key_file = g_key_file_new(); + + g_key_file_load_from_file(key_file, filename, 0, NULL); + + key_file_load_service_allowlist(key_file, admin_policy); + + g_key_file_free(key_file); +} + static bool device_data_match(const void *a, const void *b) { const struct device_data *data = a; @@ -305,6 +469,7 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) if (!policy_data) return -ENOMEM; + load_policy_settings(policy_data); adapter_path = adapter_get_path(adapter); if (!g_dbus_register_interface(dbus_conn, adapter_path,