From: Howard Chung <howardchung@google.com>
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung <howardchung@chromium.org>
Subject: [Bluez PATCH v6 04/13] core: block not allowed UUID connect in auth
Date: Thu, 29 Jul 2021 20:27:42 +0800
Message-ID: <20210729202648.Bluez.v6.4.Ia4dc489979e4bf7ffa3421199b1b9fd8d7f00bbc@changeid>
In-Reply-To: <20210729122751.3728885-1-howardchung@google.com>

From: Yun-Hao Chung <howardchung@chromium.org>

This ensures any incoming profile connection will be blocked if its UUID is not allowed by the following assumption:

1. Each system profile asks adapter authorization when seeing an incoming connection.
2. Each external profile checks if its UUID is allowed by adapter when seeing an incoming connection.
---
The following test steps were performed after enabling admin plugin:
1. Set ServiceAllowList to ["1234"].
2. Turn on a paired classic keyboard. Verify it can not be connected.
3. Set ServiceAllowList to ["1800","1801","180A","180F","1812"]
4. Turn off and turn on the keyboard. Verify it can be connected.

(no changes since v1)

 src/adapter.c | 5 +++++
 src/profile.c | 11 +++++++++++
 2 files changed, 16 insertions(+)

diff --git a/src/adapter.c b/src/adapter.c index c7fe27d19a5d..6c8096147bdd 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -7118,6 +7118,11 @@ static gboolean process_auth_queue(gpointer user_data) if (auth->svc_id > 0) return FALSE; + if (!btd_adapter_is_uuid_allowed(adapter, auth->uuid)) { + auth->cb(&err, auth->user_data); + goto next; + } + if (device_is_trusted(device) == TRUE) { auth->cb(NULL, auth->user_data); goto next; diff --git a/src/profile.c b/src/profile.c index 60d17b6ae657..e1bebf1ee19c 100644 --- a/src/profile.c +++ b/src/profile.c 
@@ -1249,6 +1249,11 @@ static void ext_confirm(GIOChannel *io, gpointer user_data) DBG("incoming connect from %s", addr); + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) { + info("UUID %s is not allowed. Igoring the connection", uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return; @@ -1272,6 +1277,7 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) struct ext_profile *ext = server->ext; GError *gerr = NULL; struct ext_io *conn; + const char *uuid = ext->service ? ext->service : ext->uuid; bdaddr_t src, dst; bt_io_get(io, &gerr, @@ -1285,6 +1291,11 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) return; } + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) { + info("UUID %s is not allowed. Igoring the connection", uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return; -- 2.32.0.554.ge1b32706d8-goog
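Review bot: In process_auth_queue() (src/adapter.c), the new rejection path calls auth->cb(&err, auth->user_data) and jumps to next without logging anything, while both src/profile.c paths emit an info() line, so a connection blocked here leaves no trace for an administrator working out why a device was refused. Suggest logging the rejected auth->uuid before invoking the callback. The declaration and initialisation of err fall outside the visible context, so please also confirm it already carries a rejection error when this branch runs. Placing the check ahead of the device_is_trusted() shortcut is the right order, since it keeps trusted devices from bypassing the allow list.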
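Review bot: In ext_confirm() (src/profile.c), the result of adapter_find(&src) is passed straight into btd_adapter_is_uuid_allowed() with no NULL check, so if no adapter matches src the policy decision is made on a NULL adapter. Suggest looking the adapter up into a local first and refusing the connection when it is NULL, so the policy check fails closed. The early return also does nothing to io in the visible lines; please confirm the pending channel is actually shut down on this path so the peer sees a refusal rather than a connection left waiting.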
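Review bot: In ext_direct_connect() (src/profile.c), the log string misspells "Ignoring" as "Igoring", and the whole four-line check is a copy of the block added to ext_confirm(), adapter_find(&src) without a NULL check included. Suggest fixing the spelling in both messages and moving the lookup, the btd_adapter_is_uuid_allowed() call and the info() line into one small helper shared by both entry points, so the two policy checks cannot drift apart. The new uuid local falls back from ext->service to ext->uuid; a short comment on why ext->service takes precedence would help, since the allow list is matched against whichever one is chosen.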