From: Howard Chung <howardchung@google.com>
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung <howardchung@chromium.org>,
Miao-chen Chou <mcchou@chromium.org>
Subject: [Bluez PATCH v8 01/13] core: add is_allowed property in btd_service
Date: Tue, 3 Aug 2021 16:22:25 +0800 [thread overview]
Message-ID: <20210803161319.Bluez.v8.1.Ic71b1ed97538a06d02425ba502690bdab1c5d836@changeid> (raw)
In-Reply-To: <20210803082237.723766-1-howardchung@google.com>
From: Yun-Hao Chung <howardchung@chromium.org>
This adds is_allowed property in btd_service. When is_allowed is set to
false, calling btd_service_connect and service_accept will fail and the
existing service connection gets disconnected.
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
---
Changes in v8:
- Remove changes in profiles/health/
Changes in v7:
- Fix compiler errors in profiles/hdp.c
Changes in v6:
- include <errno.h> instead of <error.h> in plugins/admin.c
Changes in v5:
- Fix compiler errors in plugins/admin.c
Changes in v4:
- Update commit message (admin_policy -> admin)
- remove old plugins/admin_policy.c
Changes in v3:
- Rename plugins/admin_policy.c -> plugins/admin.c
- Use device_added callback in btd_adapter_driver instead of listen for
dbus
- Add authorization method in profiles/health/mcap.c and block incoming
connections in adapter authorization function.
Changes in v2:
- Move bt_uuid_hash and bt_uuid_equal functions to adapter.c.
- Modify the criteria to say a device is `Affected` from any-of-uuid
to any-of-auto-connect-profile.
- Remove the code to remove/reprobe disallowed/allowed profiles,
instead, check if the service is allowed in bt_io_accept connect_cb.
- Fix a typo in emit_property_change in
plugin/admin_policy.c:set_service_allowlist
- Instead of using device_state_cb, utilize D-BUS client to watch device
added/removed.
- Add a document in doc/
src/service.c | 33 +++++++++++++++++++++++++++++++++
src/service.h | 2 ++
2 files changed, 35 insertions(+)
diff --git a/src/service.c b/src/service.c
index 21a52762e637..84fbb208a7e9 100644
--- a/src/service.c
+++ b/src/service.c
@@ -41,6 +41,7 @@ struct btd_service {
void *user_data;
btd_service_state_t state;
int err;
+ bool is_allowed;
};
struct service_state_callback {
@@ -133,6 +134,7 @@ struct btd_service *service_create(struct btd_device *device,
service->device = device; /* Weak ref */
service->profile = profile;
service->state = BTD_SERVICE_STATE_UNAVAILABLE;
+ service->is_allowed = true;
return service;
}
@@ -186,6 +188,12 @@ int service_accept(struct btd_service *service)
if (!service->profile->accept)
return -ENOSYS;
+ if (!service->is_allowed) {
+ info("service %s is not allowed",
+ service->profile->remote_uuid);
+ return -ECONNABORTED;
+ }
+
err = service->profile->accept(service);
if (!err)
goto done;
@@ -245,6 +253,12 @@ int btd_service_connect(struct btd_service *service)
return -EBUSY;
}
+ if (!service->is_allowed) {
+ info("service %s is not allowed",
+ service->profile->remote_uuid);
+ return -ECONNABORTED;
+ }
+
err = profile->connect(service);
if (err == 0) {
change_state(service, BTD_SERVICE_STATE_CONNECTING, 0);
@@ -361,6 +375,25 @@ bool btd_service_remove_state_cb(unsigned int id)
return false;
}
+void btd_service_set_allowed(struct btd_service *service, bool allowed)
+{
+ if (allowed == service->is_allowed)
+ return;
+
+ service->is_allowed = allowed;
+
+ if (!allowed && (service->state == BTD_SERVICE_STATE_CONNECTING ||
+ service->state == BTD_SERVICE_STATE_CONNECTED)) {
+ btd_service_disconnect(service);
+ return;
+ }
+}
+
+bool btd_service_is_allowed(struct btd_service *service)
+{
+ return service->is_allowed;
+}
+
void btd_service_connecting_complete(struct btd_service *service, int err)
{
if (service->state != BTD_SERVICE_STATE_DISCONNECTED &&
diff --git a/src/service.h b/src/service.h
index 88530cc17d53..5a2a02447b24 100644
--- a/src/service.h
+++ b/src/service.h
@@ -51,6 +51,8 @@ int btd_service_get_error(const struct btd_service *service);
unsigned int btd_service_add_state_cb(btd_service_state_cb cb,
void *user_data);
bool btd_service_remove_state_cb(unsigned int id);
+void btd_service_set_allowed(struct btd_service *service, bool allowed);
+bool btd_service_is_allowed(struct btd_service *service);
/* Functions used by profile implementation */
void btd_service_connecting_complete(struct btd_service *service, int err);
--
2.32.0.554.ge1b32706d8-goog
next prev parent reply other threads:[~2021-08-03 8:23 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-03 8:22 [Bluez PATCH v8 00/13] Admin policy series Howard Chung
2021-08-03 8:22 ` Howard Chung [this message]
2021-08-03 8:42 ` bluez.test.bot
2021-08-03 8:22 ` [Bluez PATCH v8 02/13] core: add device callbacks to adapter driver Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 03/13] core: add adapter and device allowed_uuid functions Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 04/13] core: block not allowed UUID connect in auth Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 05/13] plugins: new plugin Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 06/13] plugins/admin: add admin_policy adapter driver Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 07/13] plugins/admin: add ServiceAllowList method Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 08/13] plugins/admin: add ServiceAllowList property Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 09/13] plugins/admin: add device callbacks Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 10/13] plugins/admin: add AffectedByPolicy property Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 11/13] plugins/admin: persist policy settings Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 12/13] doc: add description of admin policy Howard Chung
2021-08-03 8:22 ` [Bluez PATCH v8 13/13] doc: add admin policy file storage description Howard Chung
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210803161319.Bluez.v8.1.Ic71b1ed97538a06d02425ba502690bdab1c5d836@changeid \
--to=howardchung@google.com \
--cc=howardchung@chromium.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=luiz.dentz@gmail.com \
--cc=mcchou@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).