* [PATCH 1/2] android/hid: Reject connections from unknown devices
@ 2014-08-21 10:04 Jakub Tyszkowski
  2014-08-21 10:04 ` [PATCH 2/2] android/hid: Force encryption for keyboards Jakub Tyszkowski
  0 siblings, 1 reply; 4+ messages in thread
From: Jakub Tyszkowski @ 2014-08-21 10:04 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Jakub Tyszkowski

---
 android/hidhost.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/android/hidhost.c b/android/hidhost.c
index da5f818..07985d8 100644
--- a/android/hidhost.c
+++ b/android/hidhost.c
@@ -1410,6 +1410,20 @@ static void connect_cb(GIOChannel *chan, GError *err, gpointer user_data)
 	ba2str(&dst, address);
 	DBG("Incoming connection from %s on PSM %d", address, psm);
 
+	if (!bt_device_is_bonded(&dst)) {
+		uint8_t hdr = (HID_MSG_CONTROL | HID_VIRTUAL_CABLE_UNPLUG);
+		int sk = g_io_channel_unix_get_fd(chan);
+
+		warn("hidhost: Rejected connection from unknown device %s",
+								address);
+
+		if (write(sk, &hdr, sizeof(hdr)) < 0)
+			error("hidhost: Unable to send virtual cable unplug");
+
+		g_io_channel_shutdown(chan, TRUE, NULL);
+		return;
+	}
+
 	switch (psm) {
 	case L2CAP_PSM_HIDP_CTRL:
 		l = g_slist_find_custom(devices, &dst, device_cmp);
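Review bot: The virtual cable unplug is written on every rejected channel, because the bonded check sits above `switch (psm)` and therefore also runs for connections arriving on the interrupt PSM; a `HID_MSG_CONTROL` message presumably belongs on the control channel only. Restricting the write keeps the rejection well-formed: `if (psm == L2CAP_PSM_HIDP_CTRL && write(sk, &hdr, sizeof(hdr)) < 0)`. The failure log would also be more useful with the cause, e.g. `error("hidhost: Unable to send virtual cable unplug: %s", strerror(errno));`, assuming the needed headers are already included in this file. connect_cb starts and ends outside the hunk.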
-- 
1.9.1



* [PATCH 2/2] android/hid: Force encryption for keyboards
  2014-08-21 10:04 [PATCH 1/2] android/hid: Reject connections from unknown devices Jakub Tyszkowski
@ 2014-08-21 10:04 ` Jakub Tyszkowski
  2014-08-21 11:58   ` Luiz Augusto von Dentz
  0 siblings, 1 reply; 4+ messages in thread
From: Jakub Tyszkowski @ 2014-08-21 10:04 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Jakub Tyszkowski

Encryption is mandatory for keyboards.
---
 android/hidhost.c | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/android/hidhost.c b/android/hidhost.c
index 07985d8..d57b24b 100644
--- a/android/hidhost.c
+++ b/android/hidhost.c
@@ -579,6 +579,7 @@ static void control_connect_cb(GIOChannel *chan, GError *conn_err,
 {
 	struct hid_device *dev = user_data;
 	GError *err = NULL;
+	int sec_level;
 
 	DBG("");
 
@@ -589,12 +590,15 @@ static void control_connect_cb(GIOChannel *chan, GError *conn_err,
 		goto failed;
 	}
 
+	/* Encryption is mandatory for keyboards */
+	sec_level = (dev->subclass & 0x40) ? BT_IO_SEC_MEDIUM : BT_IO_SEC_LOW;
+
 	/* Connect to the HID interrupt channel */
 	dev->intr_io = bt_io_connect(interrupt_connect_cb, dev, NULL, &err,
 					BT_IO_OPT_SOURCE_BDADDR, &adapter_addr,
 					BT_IO_OPT_DEST_BDADDR, &dev->dst,
 					BT_IO_OPT_PSM, L2CAP_PSM_HIDP_INTR,
-					BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
+					BT_IO_OPT_SEC_LEVEL, sec_level,
 					BT_IO_OPT_INVALID);
 	if (!dev->intr_io) {
 		error("hidhost: Failed to connect interrupt channel (%s)",
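Review bot: The bare `0x40` mask in `sec_level = (dev->subclass & 0x40) ? ...` carries the whole keyboard-encryption policy and is repeated in two later hunks of hid_sdp_search_cb, so a named constant would make the three checks greppable and keep them in step. Something like `#define HID_SUBCLASS_KEYBOARD 0x40` (the name is only a suggestion) next to the file's other HID defines, used as `dev->subclass & HID_SUBCLASS_KEYBOARD`, would do. `sec_level` could also be declared as `BtIOSecLevel` rather than `int` to match the values it holds. control_connect_cb continues outside the hunk.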
@@ -618,6 +622,7 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
 	struct hid_device *dev = data;
 	sdp_list_t *list;
 	GError *gerr = NULL;
+	int sec_level = BT_IO_SEC_LOW;
 
 	DBG("");
 
@@ -640,9 +645,14 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
 			dev->country = data->val.uint8;
 
 		data = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS);
-		if (data)
+		if (data) {
 			dev->subclass = data->val.uint8;
 
+			/* Encryption is mandatory for keyboards */
+			if (dev->subclass & 0x40)
+				sec_level =  BT_IO_SEC_MEDIUM;
+		}
+
 		data = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE);
 		if (data)
 			dev->boot_dev = data->val.uint8;
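Review bot: `sec_level` stays at `BT_IO_SEC_LOW` whenever the record has no `SDP_ATTR_HID_DEVICE_SUBCLASS` or the peer reports a subclass without bit 0x40, so whether encryption is required is decided entirely by what the remote device advertises. If the intent is that keystrokes never travel unencrypted, failing closed is safer: start from `int sec_level = BT_IO_SEC_MEDIUM;` and lower it only for subclasses known not to need it, though whether older devices tolerate that would need checking. At minimum a comment such as `/* subclass is peer-supplied; a missing attribute leaves sec_level at LOW */` would record the assumption. The loop over the SDP records starts and ends outside the hunk.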
@@ -673,6 +683,17 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
 	}
 
 	if (dev->ctrl_io) {
+		/* Encryption is mandatory for keyboards */
+		if ((dev->subclass & 0x40) && !bt_io_set(dev->ctrl_io, &gerr,
+					BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
+					BT_IO_OPT_INVALID)) {
+			error("hidhost: Cannot rise security level: %s",
+								gerr->message);
+			g_error_free(gerr);
+
+			goto fail;
+		}
+
 		if (uhid_create(dev) < 0)
 			goto fail;
 		return;
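Review bot: `uhid_create(dev)` runs as soon as `bt_io_set()` returns, and nothing in this hunk shows that the link is actually encrypted by then; if bt_io_set only requests the new level, a keyboard's input device is exposed before encryption is in place. It is worth confirming how the level change completes and, if it is asynchronous, deferring `uhid_create()` until it has. Separately, `g_error_free(gerr)` leaves `gerr` dangling on the way to `fail:`, which is outside the hunk; `g_clear_error(&gerr);` avoids a stale pointer if that path ever reads it. The message should also read `"hidhost: Cannot raise security level: %s"`.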
@@ -682,7 +703,7 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
 					BT_IO_OPT_SOURCE_BDADDR, &adapter_addr,
 					BT_IO_OPT_DEST_BDADDR, &dev->dst,
 					BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL,
-					BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
+					BT_IO_OPT_SEC_LEVEL, sec_level,
 					BT_IO_OPT_INVALID);
 	if (gerr) {
 		error("hidhost: Failed to connect control channel (%s)",
-- 
1.9.1



* Re: [PATCH 2/2] android/hid: Force encryption for keyboards
  2014-08-21 10:04 ` [PATCH 2/2] android/hid: Force encryption for keyboards Jakub Tyszkowski
@ 2014-08-21 11:58   ` Luiz Augusto von Dentz
  2014-08-22  8:25     ` Tyszkowski Jakub
  0 siblings, 1 reply; 4+ messages in thread
From: Luiz Augusto von Dentz @ 2014-08-21 11:58 UTC (permalink / raw)
  To: Jakub Tyszkowski; +Cc: linux-bluetooth

Hi Jakub,

On Thu, Aug 21, 2014 at 1:04 PM, Jakub Tyszkowski
<jakub.tyszkowski@tieto.com> wrote:
> Encryption is mandatory for keyboards.
> ---
>  android/hidhost.c | 27 ++++++++++++++++++++++++---
>  1 file changed, 24 insertions(+), 3 deletions(-)
>
> diff --git a/android/hidhost.c b/android/hidhost.c
> index 07985d8..d57b24b 100644
> --- a/android/hidhost.c
> +++ b/android/hidhost.c
> @@ -579,6 +579,7 @@ static void control_connect_cb(GIOChannel *chan, GError *conn_err,
>  {
>         struct hid_device *dev = user_data;
>         GError *err = NULL;
> +       int sec_level;
>
>         DBG("");
>
> @@ -589,12 +590,15 @@ static void control_connect_cb(GIOChannel *chan, GError *conn_err,
>                 goto failed;
>         }
>
> +       /* Encryption is mandatory for keyboards */
> +       sec_level = (dev->subclass & 0x40) ? BT_IO_SEC_MEDIUM : BT_IO_SEC_LOW;
> +
>         /* Connect to the HID interrupt channel */
>         dev->intr_io = bt_io_connect(interrupt_connect_cb, dev, NULL, &err,
>                                         BT_IO_OPT_SOURCE_BDADDR, &adapter_addr,
>                                         BT_IO_OPT_DEST_BDADDR, &dev->dst,
>                                         BT_IO_OPT_PSM, L2CAP_PSM_HIDP_INTR,
> -                                       BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
> +                                       BT_IO_OPT_SEC_LEVEL, sec_level,
>                                         BT_IO_OPT_INVALID);
>         if (!dev->intr_io) {
>                 error("hidhost: Failed to connect interrupt channel (%s)",
> @@ -618,6 +622,7 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>         struct hid_device *dev = data;
>         sdp_list_t *list;
>         GError *gerr = NULL;
> +       int sec_level = BT_IO_SEC_LOW;
>
>         DBG("");
>
> @@ -640,9 +645,14 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>                         dev->country = data->val.uint8;
>
>                 data = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS);
> -               if (data)
> +               if (data) {
>                         dev->subclass = data->val.uint8;
>
> +                       /* Encryption is mandatory for keyboards */
> +                       if (dev->subclass & 0x40)
> +                               sec_level =  BT_IO_SEC_MEDIUM;
> +               }

I prefer to store this info in the device struct, e.g. dev->sec_level

>                 data = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE);
>                 if (data)
>                         dev->boot_dev = data->val.uint8;
> @@ -673,6 +683,17 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>         }
>
>         if (dev->ctrl_io) {
> +               /* Encryption is mandatory for keyboards */
> +               if ((dev->subclass & 0x40) && !bt_io_set(dev->ctrl_io, &gerr,
> +                                       BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
> +                                       BT_IO_OPT_INVALID)) {
> +                       error("hidhost: Cannot rise security level: %s",
> +                                                               gerr->message);
> +                       g_error_free(gerr);
> +
> +                       goto fail;
> +               }
> +
>                 if (uhid_create(dev) < 0)
>                         goto fail;
>                 return;
> @@ -682,7 +703,7 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>                                         BT_IO_OPT_SOURCE_BDADDR, &adapter_addr,
>                                         BT_IO_OPT_DEST_BDADDR, &dev->dst,
>                                         BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL,
> -                                       BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
> +                                       BT_IO_OPT_SEC_LEVEL, sec_level,
>                                         BT_IO_OPT_INVALID);
>         if (gerr) {
>                 error("hidhost: Failed to connect control channel (%s)",
> --
> 1.9.1
>



-- 
Luiz Augusto von Dentz


* Re: [PATCH 2/2] android/hid: Force encryption for keyboards
  2014-08-21 11:58   ` Luiz Augusto von Dentz
@ 2014-08-22  8:25     ` Tyszkowski Jakub
  0 siblings, 0 replies; 4+ messages in thread
From: Tyszkowski Jakub @ 2014-08-22  8:25 UTC (permalink / raw)
  To: Luiz Augusto von Dentz; +Cc: linux-bluetooth

Hi Luiz,

On 08/21/2014 01:58 PM, Luiz Augusto von Dentz wrote:
> Hi Jakub,
>
> On Thu, Aug 21, 2014 at 1:04 PM, Jakub Tyszkowski
> <jakub.tyszkowski@tieto.com> wrote:
>> Encryption is mandatory for keyboards.
>> ---
>>   android/hidhost.c | 27 ++++++++++++++++++++++++---
>>   1 file changed, 24 insertions(+), 3 deletions(-)
>>
>> diff --git a/android/hidhost.c b/android/hidhost.c
>> index 07985d8..d57b24b 100644
>> --- a/android/hidhost.c
>> +++ b/android/hidhost.c
>> @@ -579,6 +579,7 @@ static void control_connect_cb(GIOChannel *chan, GError *conn_err,
>>   {
>>          struct hid_device *dev = user_data;
>>          GError *err = NULL;
>> +       int sec_level;
>>
>>          DBG("");
>>
>> @@ -589,12 +590,15 @@ static void control_connect_cb(GIOChannel *chan, GError *conn_err,
>>                  goto failed;
>>          }
>>
>> +       /* Encryption is mandatory for keyboards */
>> +       sec_level = (dev->subclass & 0x40) ? BT_IO_SEC_MEDIUM : BT_IO_SEC_LOW;
>> +
>>          /* Connect to the HID interrupt channel */
>>          dev->intr_io = bt_io_connect(interrupt_connect_cb, dev, NULL, &err,
>>                                          BT_IO_OPT_SOURCE_BDADDR, &adapter_addr,
>>                                          BT_IO_OPT_DEST_BDADDR, &dev->dst,
>>                                          BT_IO_OPT_PSM, L2CAP_PSM_HIDP_INTR,
>> -                                       BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
>> +                                       BT_IO_OPT_SEC_LEVEL, sec_level,
>>                                          BT_IO_OPT_INVALID);
>>          if (!dev->intr_io) {
>>                  error("hidhost: Failed to connect interrupt channel (%s)",
>> @@ -618,6 +622,7 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>>          struct hid_device *dev = data;
>>          sdp_list_t *list;
>>          GError *gerr = NULL;
>> +       int sec_level = BT_IO_SEC_LOW;
>>
>>          DBG("");
>>
>> @@ -640,9 +645,14 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>>                          dev->country = data->val.uint8;
>>
>>                  data = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS);
>> -               if (data)
>> +               if (data) {
>>                          dev->subclass = data->val.uint8;
>>
>> +                       /* Encryption is mandatory for keyboards */
>> +                       if (dev->subclass & 0x40)
>> +                               sec_level =  BT_IO_SEC_MEDIUM;
>> +               }
>
> I prefer to store this info in the device struct e..g dev->sec_level

Seems reasonable. I'll be sending v2.

>
>>                  data = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE);
>>                  if (data)
>>                          dev->boot_dev = data->val.uint8;
>> @@ -673,6 +683,17 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>>          }
>>
>>          if (dev->ctrl_io) {
>> +               /* Encryption is mandatory for keyboards */
>> +               if ((dev->subclass & 0x40) && !bt_io_set(dev->ctrl_io, &gerr,
>> +                                       BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
>> +                                       BT_IO_OPT_INVALID)) {
>> +                       error("hidhost: Cannot rise security level: %s",
>> +                                                               gerr->message);
>> +                       g_error_free(gerr);
>> +
>> +                       goto fail;
>> +               }
>> +
>>                  if (uhid_create(dev) < 0)
>>                          goto fail;
>>                  return;
>> @@ -682,7 +703,7 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>>                                          BT_IO_OPT_SOURCE_BDADDR, &adapter_addr,
>>                                          BT_IO_OPT_DEST_BDADDR, &dev->dst,
>>                                          BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL,
>> -                                       BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
>> +                                       BT_IO_OPT_SEC_LEVEL, sec_level,
>>                                          BT_IO_OPT_INVALID);
>>          if (gerr) {
>>                  error("hidhost: Failed to connect control channel (%s)",
>> --
>> 1.9.1
>>
>
>
>

Regards,
Jakub


