From: Howard Chung <howardchung@google.com>
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung <howardchung@chromium.org>,
Miao-chen Chou <mcchou@chromium.org>
Subject: [Bluez PATCH v1 09/14] plugins/admin_policy: add ServiceAllowList method
Date: Thu, 8 Jul 2021 14:23:09 +0800 [thread overview]
Message-ID: <20210708142059.Bluez.v1.9.Ifbb69dd6e371da3a914049a94615064479b9024b@changeid> (raw)
In-Reply-To: <20210708062314.245754-1-howardchung@google.com>
From: Yun-Hao Chung <howardchung@chromium.org>
This adds code to register interface org.bluez.AdminPolicySet1.
The interface will provide methods to limit users to operate certain
functions of bluez, such as allow/disallow user to taggle adapter power,
or only allow users to connect services in the specified list, etc.
This patch also implements ServiceAllowlist in
org.bluez.AdminPolicySet1.
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
---
The following test steps were performed:
1. Set ServiceAllowList to
["0x1108","0x110A","0x110B","0x110C","0x110D","0x110E",
"0x110F","0x1112","0x111E","0x111F","0x1203"]
( users are only allowed to connect headset )
2. Turn on paired WF1000XM3, and listen music on Youtube.
3. Turn on paired K830 (LE device), press any key on keyboard.
4. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device),
press any key on keyboard.
5. Set ServiceAllowList to
["1124","180A","180F","1812"]
( users are only allowed to connect HID devices )
6. Turn on paired WF1000XM3, and listen music on Youtube.
7. Turn on paired K830 (LE device), press any key on keyboard.
8. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device),
press any key on keyboard.
9. Set ServiceAllowList to []
( users are only allowed to connect any device. )
10. Turn on paired WF1000XM3, and listen music on Youtube.
11. Turn on paired K830 (LE device), press any key on keyboard.
12. Turn on paired Samsung Bluetooth Keyboard EE-BT550 (BREDR device),
press any key on keyboard.
Expected results:
Step 2,7,8,9,10,11 should success, and step 3,4,6 should fail.
plugins/admin_policy.c | 123 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 122 insertions(+), 1 deletion(-)
diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c
index 2ece871564e6..242b8d5dacb0 100644
--- a/plugins/admin_policy.c
+++ b/plugins/admin_policy.c
@@ -12,19 +12,29 @@
#include <config.h>
#endif
+#include <dbus/dbus.h>
+#include <gdbus/gdbus.h>
+
#include "lib/bluetooth.h"
+#include "lib/uuid.h"
#include "src/adapter.h"
+#include "src/dbus-common.h"
#include "src/error.h"
#include "src/log.h"
#include "src/plugin.h"
#include "src/shared/queue.h"
+#define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1"
+
+static DBusConnection *dbus_conn;
+
/* |policy_data| has the same life cycle as btd_adapter */
static struct btd_admin_policy {
struct btd_adapter *adapter;
uint16_t adapter_id;
+ struct queue *service_allowlist;
} *policy_data = NULL;
static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter)
@@ -40,17 +50,116 @@ static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter)
admin_policy->adapter = adapter;
admin_policy->adapter_id = btd_adapter_get_index(adapter);
+ admin_policy->service_allowlist = NULL;
return admin_policy;
}
+static void free_service_allowlist(struct queue *q)
+{
+ queue_destroy(q, g_free);
+}
+
static void admin_policy_free(void *data)
{
struct btd_admin_policy *admin_policy = data;
+ free_service_allowlist(admin_policy->service_allowlist);
g_free(admin_policy);
}
+static struct queue *parse_allow_service_list(struct btd_adapter *adapter,
+ DBusMessage *msg)
+{
+ DBusMessageIter iter, arr_iter;
+ struct queue *uuid_list = NULL;
+
+ dbus_message_iter_init(msg, &iter);
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY)
+ return NULL;
+
+ uuid_list = queue_new();
+ dbus_message_iter_recurse(&iter, &arr_iter);
+ do {
+ const int type = dbus_message_iter_get_arg_type(&arr_iter);
+ char *uuid_param;
+ bt_uuid_t *uuid;
+
+ if (type == DBUS_TYPE_INVALID)
+ break;
+
+ if (type != DBUS_TYPE_STRING)
+ goto failed;
+
+ dbus_message_iter_get_basic(&arr_iter, &uuid_param);
+
+ uuid = g_try_malloc(sizeof(*uuid));
+ if (!uuid)
+ goto failed;
+
+ if (bt_string_to_uuid(uuid, uuid_param)) {
+ g_free(uuid);
+ goto failed;
+ }
+
+ queue_push_head(uuid_list, uuid);
+
+ dbus_message_iter_next(&arr_iter);
+ } while (true);
+
+ return uuid_list;
+
+failed:
+ queue_destroy(uuid_list, g_free);
+ return NULL;
+}
+
+static bool service_allowlist_set(struct btd_admin_policy *admin_policy,
+ struct queue *uuid_list)
+{
+ struct btd_adapter *adapter = admin_policy->adapter;
+
+ if (!btd_adapter_set_allowed_uuids(adapter, uuid_list))
+ return false;
+
+ free_service_allowlist(admin_policy->service_allowlist);
+ admin_policy->service_allowlist = uuid_list;
+
+ return true;
+}
+
+static DBusMessage *set_service_allowlist(DBusConnection *conn,
+ DBusMessage *msg, void *user_data)
+{
+ struct btd_admin_policy *admin_policy = user_data;
+ struct btd_adapter *adapter = admin_policy->adapter;
+ struct queue *uuid_list = NULL;
+ const char *sender = dbus_message_get_sender(msg);
+
+ DBG("sender %s", sender);
+
+ /* Parse parameters */
+ uuid_list = parse_allow_service_list(adapter, msg);
+ if (!uuid_list) {
+ btd_error(admin_policy->adapter_id,
+ "Failed on parsing allowed service list");
+ return btd_error_invalid_args(msg);
+ }
+
+ if (!service_allowlist_set(admin_policy, uuid_list)) {
+ free_service_allowlist(uuid_list);
+ return btd_error_failed(msg, "service_allowlist_set failed");
+ }
+
+ return dbus_message_new_method_return(msg);
+}
+
+static const GDBusMethodTable admin_policy_adapter_methods[] = {
+ { GDBUS_METHOD("SetServiceAllowList", GDBUS_ARGS({ "UUIDs", "as" }),
+ NULL, set_service_allowlist) },
+ { }
+};
+
static int admin_policy_adapter_probe(struct btd_adapter *adapter)
{
if (policy_data) {
@@ -64,8 +173,18 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter)
if (!policy_data)
return -ENOMEM;
- btd_info(policy_data->adapter_id, "Admin Policy has been enabled");
+ if (!g_dbus_register_interface(dbus_conn, adapter_get_path(adapter),
+ ADMIN_POLICY_SET_INTERFACE,
+ admin_policy_adapter_methods, NULL,
+ NULL, policy_data, admin_policy_free)) {
+ btd_error(policy_data->adapter_id,
+ "Admin Policy Set interface init failed on path %s",
+ adapter_get_path(adapter));
+ return -EINVAL;
+ }
+ btd_info(policy_data->adapter_id,
+ "Admin Policy Set interface registered");
return 0;
}
@@ -79,6 +198,8 @@ static int admin_policy_init(void)
{
DBG("");
+ dbus_conn = btd_get_dbus_connection();
+
return btd_register_adapter_driver(&admin_policy_driver);
}
--
2.32.0.93.g670b81a890-goog
next prev parent reply other threads:[~2021-07-08 6:23 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-08 6:23 [Bluez PATCH v1 00/14] Howard Chung
2021-07-08 6:23 ` [Bluez PATCH v1 01/14] lib: add hash functions for bt_uuid_t Howard Chung
2021-07-08 6:36 ` [Bluez,v1,01/14] " bluez.test.bot
2021-07-09 5:21 ` [Bluez PATCH v1 01/14] " Luiz Augusto von Dentz
2021-07-12 3:20 ` Yun-hao Chung
2021-07-08 6:23 ` [Bluez PATCH v1 02/14] unit: add uuid unit tests Howard Chung
2021-07-08 6:23 ` [Bluez PATCH v1 03/14] core: add is_allowed property in btd_service Howard Chung
2021-07-08 6:23 ` [Bluez PATCH v1 04/14] core: add adapter and device allowed_uuid functions Howard Chung
2021-07-08 6:23 ` [Bluez PATCH v1 05/14] core: add device state and state callbacks Howard Chung
2021-07-09 5:34 ` Luiz Augusto von Dentz
2021-07-12 3:56 ` Yun-hao Chung
2021-07-08 6:23 ` [Bluez PATCH v1 06/14] audio: Remove Media1 interface when a2dp source disallowed Howard Chung
2021-07-09 5:49 ` Luiz Augusto von Dentz
2021-07-12 8:16 ` Yun-hao Chung
2021-07-12 16:37 ` Luiz Augusto von Dentz
2021-07-08 6:23 ` [Bluez PATCH v1 07/14] plugins: add a new plugin for admin_policy Howard Chung
2021-07-08 6:23 ` [Bluez PATCH v1 08/14] plugins/admin_policy: add admin_policy adapter driver Howard Chung
2021-07-08 6:23 ` Howard Chung [this message]
2021-07-09 6:01 ` [Bluez PATCH v1 09/14] plugins/admin_policy: add ServiceAllowList method Luiz Augusto von Dentz
2021-07-12 9:09 ` Yun-hao Chung
2021-07-12 16:41 ` Luiz Augusto von Dentz
2021-07-08 6:23 ` [Bluez PATCH v1 10/14] plugins/admin_policy: add ServiceAllowList property Howard Chung
2021-07-08 6:23 ` [Bluez PATCH v1 11/14] plugins/admin_policy: add device state callback Howard Chung
2021-07-08 6:23 ` [Bluez PATCH v1 12/14] plugins/admin_policy: add AffectedByPolicy property Howard Chung
2021-07-08 6:23 ` [Bluez PATCH v1 13/14] plugins/admin_policy: persist policy settings Howard Chung
2021-07-08 6:23 ` [Bluez PATCH v1 14/14] core: fix a possible crash when removing devices Howard Chung
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210708142059.Bluez.v1.9.Ifbb69dd6e371da3a914049a94615064479b9024b@changeid \
--to=howardchung@google.com \
--cc=howardchung@chromium.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=luiz.dentz@gmail.com \
--cc=mcchou@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).