linux-bluetooth.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Howard Chung <howardchung@google.com>
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung <howardchung@chromium.org>,
	Miao-chen Chou <mcchou@chromium.org>
Subject: [Bluez PATCH v7 01/13] core: add is_allowed property in btd_service
Date: Mon,  2 Aug 2021 14:12:38 +0800	[thread overview]
Message-ID: <20210802141140.Bluez.v7.1.Ic71b1ed97538a06d02425ba502690bdab1c5d836@changeid> (raw)
In-Reply-To: <20210802061250.170975-1-howardchung@google.com>

From: Yun-Hao Chung <howardchung@chromium.org>

This adds is_allowed property in btd_service. When is_allowed is set to
false, calling btd_service_connect and service_accept will fail and the
existing service connection gets disconnected.

Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
---

Changes in v7:
- Fix compiler errors in profiles/hdp.c

Changes in v6:
- include <errno.h> instead of <error.h> in plugins/admin.c

Changes in v5:
- Fix compiler errors in plugins/admin.c

Changes in v4:
- Update commit message (admin_policy -> admin)
- remove old plugins/admin_policy.c

Changes in v3:
- Rename plugins/admin_policy.c -> plugins/admin.c
- Use device_added callback in btd_adapter_driver instead of listen for
  dbus
- Add authorization method in profiles/health/mcap.c and block incoming
  connections in adapter authorization function.

Changes in v2:
- Move bt_uuid_hash and bt_uuid_equal functions to adapter.c.
- Modify the criteria to say a device is `Affected` from any-of-uuid
  to any-of-auto-connect-profile.
- Remove the code to remove/reprobe disallowed/allowed profiles,
  instead, check if the service is allowed in bt_io_accept connect_cb.
- Fix a typo in emit_property_change in
  plugin/admin_policy.c:set_service_allowlist
- Instead of using device_state_cb, utilize D-BUS client to watch device
  added/removed.
- Add a document in doc/

 src/service.c | 39 +++++++++++++++++++++++++++++++++++++++
 src/service.h |  2 ++
 2 files changed, 41 insertions(+)

diff --git a/src/service.c b/src/service.c
index 21a52762e637..929d6c136b6d 100644
--- a/src/service.c
+++ b/src/service.c
@@ -41,6 +41,7 @@ struct btd_service {
 	void			*user_data;
 	btd_service_state_t	state;
 	int			err;
+	bool			is_allowed;
 };
 
 struct service_state_callback {
@@ -133,6 +134,7 @@ struct btd_service *service_create(struct btd_device *device,
 	service->device = device; /* Weak ref */
 	service->profile = profile;
 	service->state = BTD_SERVICE_STATE_UNAVAILABLE;
+	service->is_allowed = true;
 
 	return service;
 }
@@ -186,6 +188,18 @@ int service_accept(struct btd_service *service)
 	if (!service->profile->accept)
 		return -ENOSYS;
 
+	if (!service->is_allowed) {
+		info("service %s is not allowed",
+						service->profile->remote_uuid);
+		return -ECONNABORTED;
+	}
+
+	if (!service->is_allowed) {
+		info("service %s is not allowed",
+						service->profile->remote_uuid);
+		return -ECONNABORTED;
+	}
+
 	err = service->profile->accept(service);
 	if (!err)
 		goto done;
@@ -245,6 +259,12 @@ int btd_service_connect(struct btd_service *service)
 		return -EBUSY;
 	}
 
+	if (!service->is_allowed) {
+		info("service %s is not allowed",
+						service->profile->remote_uuid);
+		return -ECONNABORTED;
+	}
+
 	err = profile->connect(service);
 	if (err == 0) {
 		change_state(service, BTD_SERVICE_STATE_CONNECTING, 0);
@@ -361,6 +381,25 @@ bool btd_service_remove_state_cb(unsigned int id)
 	return false;
 }
 
+void btd_service_set_allowed(struct btd_service *service, bool allowed)
+{
+	if (allowed == service->is_allowed)
+		return;
+
+	service->is_allowed = allowed;
+
+	if (!allowed && (service->state == BTD_SERVICE_STATE_CONNECTING ||
+			service->state == BTD_SERVICE_STATE_CONNECTED)) {
+		btd_service_disconnect(service);
+		return;
+	}
+}
+
+bool btd_service_is_allowed(struct btd_service *service)
+{
+	return service->is_allowed;
+}
+
 void btd_service_connecting_complete(struct btd_service *service, int err)
 {
 	if (service->state != BTD_SERVICE_STATE_DISCONNECTED &&
diff --git a/src/service.h b/src/service.h
index 88530cc17d53..5a2a02447b24 100644
--- a/src/service.h
+++ b/src/service.h
@@ -51,6 +51,8 @@ int btd_service_get_error(const struct btd_service *service);
 unsigned int btd_service_add_state_cb(btd_service_state_cb cb,
 							void *user_data);
 bool btd_service_remove_state_cb(unsigned int id);
+void btd_service_set_allowed(struct btd_service *service, bool allowed);
+bool btd_service_is_allowed(struct btd_service *service);
 
 /* Functions used by profile implementation */
 void btd_service_connecting_complete(struct btd_service *service, int err);
-- 
2.32.0.554.ge1b32706d8-goog


  reply	other threads:[~2021-08-02  6:13 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-02  6:12 [Bluez PATCH v7 00/13] Admin policy series Howard Chung
2021-08-02  6:12 ` Howard Chung [this message]
2021-08-02  6:50   ` bluez.test.bot
2021-08-02  6:12 ` [Bluez PATCH v7 02/13] core: add adapter and device allowed_uuid functions Howard Chung
2021-08-02  6:12 ` [Bluez PATCH v7 03/13] mcap: add adapter authorization Howard Chung
2021-08-02 18:49   ` Luiz Augusto von Dentz
2021-08-02  6:12 ` [Bluez PATCH v7 04/13] core: block not allowed UUID connect in auth Howard Chung
2021-08-02  6:12 ` [Bluez PATCH v7 05/13] core: add device_added and device_removed to adapter driver Howard Chung
2021-08-02  6:12 ` [Bluez PATCH v7 06/13] plugins: new plugin Howard Chung
2021-08-02  6:12 ` [Bluez PATCH v7 07/13] plugins/admin: add admin_policy adapter driver Howard Chung
2021-08-02  6:12 ` [Bluez PATCH v7 08/13] plugins/admin: add ServiceAllowList method Howard Chung
2021-08-02  6:12 ` [Bluez PATCH v7 09/13] plugins/admin: add ServiceAllowList property Howard Chung
2021-08-02  6:12 ` [Bluez PATCH v7 10/13] plugins/admin: add device callbacks Howard Chung
2021-08-02  6:12 ` [Bluez PATCH v7 11/13] plugins/admin: add AffectedByPolicy property Howard Chung
2021-08-02  6:12 ` [Bluez PATCH v7 12/13] plugins/admin: persist policy settings Howard Chung
2021-08-02 18:51   ` Luiz Augusto von Dentz
2021-08-02  6:12 ` [Bluez PATCH v7 13/13] doc: add description of admin policy Howard Chung

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210802141140.Bluez.v7.1.Ic71b1ed97538a06d02425ba502690bdab1c5d836@changeid \
    --to=howardchung@google.com \
    --cc=howardchung@chromium.org \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=luiz.dentz@gmail.com \
    --cc=mcchou@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).