From: Howard Chung <howardchung@google.com>
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung <howardchung@chromium.org>
Subject: [Bluez PATCH v3 04/13] core: block not allowed UUID connect in auth
Date: Wed, 28 Jul 2021 21:15:20 +0800
Message-ID: <20210728211405.Bluez.v3.4.Ia4dc489979e4bf7ffa3421199b1b9fd8d7f00bbc@changeid>
In-Reply-To: <20210728131529.3310558-1-howardchung@google.com>
From: Yun-Hao Chung <howardchung@chromium.org>
This ensures any incoming profile connection will be blocked if its UUID
is not allowed by the following assumption:
1. Each system profile asks adapter authorization when seeing an incoming
connection.
2. Each external profile checks if its UUID is allowed by adapter when
seeing an incoming connection.
---
The following test steps were performed after enabling admin_policy
plugin:
1. Set ServiceAllowList to ["1234"].
2. Turn on a paired classic keyboard. Verify it can not be connected.
3. Set ServiceAllowList to
["1800","1801","180A","180F","1812"]
4. Turn off and turn on the keyboard. Verify it can be connected.
(no changes since v1)
src/adapter.c | 5 +++++
src/profile.c | 12 ++++++++++++
2 files changed, 17 insertions(+)
diff --git a/src/adapter.c b/src/adapter.c
index c7fe27d19..6c8096147 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -7118,6 +7118,11 @@ static gboolean process_auth_queue(gpointer user_data)
if (auth->svc_id > 0)
return FALSE;
+ if (!btd_adapter_is_uuid_allowed(adapter, auth->uuid)) {
+ auth->cb(&err, auth->user_data);
+ goto next;
+ }
+
if (device_is_trusted(device) == TRUE) {
auth->cb(NULL, auth->user_data);
goto next;
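Review bot: The rejection branch added ahead of the device_is_trusted() check in process_auth_queue fails the request without logging anything, while both checks added in src/profile.c report the blocked UUID with info(). Consider logging auth->uuid here as well, so that a connection refused by the allow list can be told apart from other rejections when debugging. The hunk also does not show where err is initialised, so please confirm it already holds a rejection error by the time auth->cb(&err, auth->user_data) runs.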
diff --git a/src/profile.c b/src/profile.c
index 60d17b6ae..58500c747 100644
--- a/src/profile.c
+++ b/src/profile.c
@@ -1249,6 +1249,11 @@ static void ext_confirm(GIOChannel *io, gpointer user_data)
DBG("incoming connect from %s", addr);
+ if (btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) {
+ info("UUID %s is not allowed. Igoring the connection", uuid);
+ return;
+ }
+
conn = create_conn(server, io, &src, &dst);
if (conn == NULL)
return;
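Review bot: The condition added in ext_confirm looks inverted: `if (btd_adapter_is_uuid_allowed(adapter_find(&src), uuid))` logs "not allowed" and returns when the UUID is allowed, whereas the check added to process_auth_queue negates the same call. It should read `if (!btd_adapter_is_uuid_allowed(adapter_find(&src), uuid))`; as written, allowed UUIDs are dropped and disallowed ones continue on to create_conn(), which is the opposite of what the commit message describes. While the line is being touched, "Igoring" in the log string should be "Ignoring", and it is worth confirming that btd_adapter_is_uuid_allowed() tolerates a NULL adapter, since the result of adapter_find(&src) is passed straight through.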
@@ -1272,6 +1277,7 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data)
struct ext_profile *ext = server->ext;
GError *gerr = NULL;
struct ext_io *conn;
+ const char *uuid = ext->service ? ext->service : ext->uuid;
bdaddr_t src, dst;
bt_io_get(io, &gerr,
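Review bot: The new local `uuid` in ext_direct_connect is never used by the check this patch adds further down in the same function, which passes ext->uuid instead. Either use `uuid` in that check and its log message, matching ext_confirm, or drop the declaration; as it stands the variable is unused and the policy check ignores ext->service.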
@@ -1285,6 +1291,12 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data)
return;
}
+ if (btd_adapter_is_uuid_allowed(adapter_find(&src), ext->uuid)) {
+ info("UUID %s is not allowed. Igoring the connection",
+ ext->uuid);
+ return;
+ }
+
conn = create_conn(server, io, &src, &dst);
if (conn == NULL)
return;
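Review bot: The check added in ext_direct_connect is missing the negation, just like the one in ext_confirm: `if (btd_adapter_is_uuid_allowed(adapter_find(&src), ext->uuid))` takes the "not allowed" path for UUIDs that are allowed. It should be `if (!btd_adapter_is_uuid_allowed(...))`, to match the check in src/adapter.c. The early return also leaves io untouched in the lines shown here, so please confirm the rejected channel is actually shut down rather than left open, and fix the "Igoring" typo in the message.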
--
2.32.0.432.gabb21c7263-goog
Thread overview: 16+ messages
2021-07-28 13:15 [Bluez PATCH v3 00/13] Admin policy series Howard Chung
2021-07-28 13:15 ` [Bluez PATCH v3 01/13] core: add is_allowed property in btd_service Howard Chung
2021-07-28 13:39 ` Admin policy series bluez.test.bot
2021-07-28 13:15 ` [Bluez PATCH v3 02/13] core: add adapter and device allowed_uuid functions Howard Chung
2021-07-28 13:15 ` [Bluez PATCH v3 03/13] mcap: add adapter authorization Howard Chung
2021-07-28 13:15 ` Howard Chung [this message]
2021-07-28 13:15 ` [Bluez PATCH v3 05/13] core: add device_added and device_removed to adapter driver Howard Chung
2021-07-28 13:15 ` [Bluez PATCH v3 06/13] plugins: new plugin Howard Chung
2021-07-28 13:15 ` [Bluez PATCH v3 07/13] plugins/admin_policy: add admin_policy adapter driver Howard Chung
2021-07-28 17:42 ` Luiz Augusto von Dentz
2021-07-28 13:15 ` [Bluez PATCH v3 08/13] plugins/admin_policy: add ServiceAllowList method Howard Chung
2021-07-28 13:15 ` [Bluez PATCH v3 09/13] plugins/admin_policy: add ServiceAllowList property Howard Chung
2021-07-28 13:15 ` [Bluez PATCH v3 10/13] plugins/admin_policy: add device callbacks Howard Chung
2021-07-28 13:15 ` [Bluez PATCH v3 11/13] plugins/admin_policy: add AffectedByPolicy property Howard Chung
2021-07-28 13:15 ` [Bluez PATCH v3 12/13] plugins/admin_policy: persist policy settings Howard Chung
2021-07-28 13:15 ` [Bluez PATCH v3 13/13] doc: add description of admin policy Howard Chung