From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: Howard Chung <howardchung@google.com>
Cc: "linux-bluetooth@vger.kernel.org"
<linux-bluetooth@vger.kernel.org>,
Yun-Hao Chung <howardchung@chromium.org>,
Miao-chen Chou <mcchou@chromium.org>
Subject: Re: [Bluez PATCH v7 12/13] plugins/admin: persist policy settings
Date: Mon, 2 Aug 2021 11:51:45 -0700 [thread overview]
Message-ID: <CABBYNZ+8193HOT3YZFigdAjRPQNpkbAFDsdE35zBdKZYEaARhg@mail.gmail.com> (raw)
In-Reply-To: <20210802141140.Bluez.v7.12.Ib26c0abdbd417673a8b5788c175c06110726a68c@changeid>
Hi Howard,
On Sun, Aug 1, 2021 at 11:13 PM Howard Chung <howardchung@google.com> wrote:
>
> From: Yun-Hao Chung <howardchung@chromium.org>
>
> This adds code to store the ServiceAllowlist to file
> /var/lib/bluetooth/{MAC_ADDR}/admin_policy
> The stored settings will be loaded upon admin_policy initialized.
>
> Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
> ---
> The following test steps were performed:
> 1. Set ServiceAllowlist to ["1124","180A","180F","1812", "1801"]
> 2. restart bluetoothd
> 3. Verify ServiceAllowlist is ["1124","180A","180F","1812","1801"] in
> UUID-128 form
> 4. Set ServiceAllowlist to []
> 5. restart bluetoothd
> 6. Verify ServiceAllowlist is []
Please have the format documented in doc/settings-storage.txt
> (no changes since v1)
>
> plugins/admin.c | 169 +++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 167 insertions(+), 2 deletions(-)
>
> diff --git a/plugins/admin.c b/plugins/admin.c
> index 653195a0e20b..8e6549ea8020 100644
> --- a/plugins/admin.c
> +++ b/plugins/admin.c
> @@ -14,6 +14,9 @@
>
> #include <dbus/dbus.h>
> #include <gdbus/gdbus.h>
> +#include <sys/file.h>
> +#include <sys/stat.h>
> +#include <errno.h>
>
> #include "lib/bluetooth.h"
> #include "lib/uuid.h"
> @@ -24,11 +27,13 @@
> #include "src/error.h"
> #include "src/log.h"
> #include "src/plugin.h"
> +#include "src/textfile.h"
>
> #include "src/shared/queue.h"
>
> #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1"
> #define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1"
> +#define ADMIN_POLICY_STORAGE STORAGEDIR "/admin_policy_settings"
>
> #define DBUS_BLUEZ_SERVICE "org.bluez"
> #define BTD_DEVICE_INTERFACE "org.bluez.Device1"
> @@ -161,6 +166,8 @@ static void update_device_affected(void *data, void *user_data)
> ADMIN_POLICY_STATUS_INTERFACE, "AffectedByPolicy");
> }
>
> +static void store_policy_settings(struct btd_admin_policy *admin_policy);
Usually we recommend avoiding forward declaration if possible.
> static DBusMessage *set_service_allowlist(DBusConnection *conn,
> DBusMessage *msg, void *user_data)
> {
> @@ -179,7 +186,9 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn,
> return btd_error_invalid_args(msg);
> }
>
> - if (!service_allowlist_set(admin_policy, uuid_list)) {
> + if (service_allowlist_set(admin_policy, uuid_list)) {
> + store_policy_settings(admin_policy);
> + } else {
> free_service_allowlist(uuid_list);
> return btd_error_failed(msg, "service_allowlist_set failed");
> }
> @@ -200,7 +209,7 @@ static const GDBusMethodTable admin_policy_adapter_methods[] = {
> { }
> };
>
> -void append_service_uuid(void *data, void *user_data)
> +static void append_service_uuid(void *data, void *user_data)
> {
> bt_uuid_t *uuid = data;
> DBusMessageIter *entry = user_data;
> @@ -237,6 +246,161 @@ static const GDBusPropertyTable admin_policy_adapter_properties[] = {
> { }
> };
>
> +static void free_uuid_strings(char **uuid_strs, gsize num)
> +{
> + gsize i;
> +
> + for (i = 0; i < num; i++)
> + g_free(uuid_strs[i]);
> + g_free(uuid_strs);
> +}
> +
> +static char **new_uuid_strings(struct queue *allowlist, gsize *num)
> +{
> + const struct queue_entry *entry = NULL;
> + bt_uuid_t *uuid = NULL;
> + char **uuid_strs = NULL;
> + gsize i = 0, allowlist_num;
> +
> + /* Set num to a non-zero number so that whoever call this could know if
> + * this function success or not
> + */
> + *num = 1;
> +
> + allowlist_num = queue_length(allowlist);
> + uuid_strs = g_try_malloc_n(allowlist_num, sizeof(char *));
> + if (!uuid_strs)
> + return NULL;
> +
> + for (entry = queue_get_entries(allowlist); entry != NULL;
> + entry = entry->next) {
> + uuid = entry->data;
> + uuid_strs[i] = g_try_malloc0(MAX_LEN_UUID_STR * sizeof(char));
> +
> + if (!uuid_strs[i])
> + goto failed;
> +
> + bt_uuid_to_string(uuid, uuid_strs[i], MAX_LEN_UUID_STR);
> + i++;
> + }
> +
> + *num = allowlist_num;
> + return uuid_strs;
> +
> +failed:
> + free_uuid_strings(uuid_strs, i);
> +
> + return NULL;
> +}
> +
> +static void store_policy_settings(struct btd_admin_policy *admin_policy)
> +{
> + GKeyFile *key_file = NULL;
> + char *filename = ADMIN_POLICY_STORAGE;
> + char *key_file_data = NULL;
> + char **uuid_strs = NULL;
> + gsize length, num_uuids;
> +
> + key_file = g_key_file_new();
> +
> + uuid_strs = new_uuid_strings(admin_policy->service_allowlist,
> + &num_uuids);
> +
> + if (!uuid_strs && num_uuids) {
> + btd_error(admin_policy->adapter_id,
> + "Failed to allocate uuid strings");
> + goto failed;
> + }
> +
> + g_key_file_set_string_list(key_file, "General", "ServiceAllowlist",
> + (const gchar * const *)uuid_strs,
> + num_uuids);
> +
> + if (create_file(ADMIN_POLICY_STORAGE, 0600) < 0) {
> + btd_error(admin_policy->adapter_id, "create %s failed, %s",
> + filename, strerror(errno));
> + goto failed;
> + }
> +
> + key_file_data = g_key_file_to_data(key_file, &length, NULL);
> + g_file_set_contents(ADMIN_POLICY_STORAGE, key_file_data, length, NULL);
> +
> + g_free(key_file_data);
> + free_uuid_strings(uuid_strs, num_uuids);
> +
> +failed:
> + g_key_file_free(key_file);
> +}
> +
> +static void key_file_load_service_allowlist(GKeyFile *key_file,
> + struct btd_admin_policy *admin_policy)
> +{
> + GError *gerr = NULL;
> + struct queue *uuid_list = NULL;
> + gchar **uuids = NULL;
> + gsize num, i;
> +
> + uuids = g_key_file_get_string_list(key_file, "General",
> + "ServiceAllowlist", &num, &gerr);
> +
> + if (gerr) {
> + btd_error(admin_policy->adapter_id,
> + "Failed to load ServiceAllowlist");
> + g_error_free(gerr);
> + return;
> + }
> +
> + uuid_list = queue_new();
> + for (i = 0; i < num; i++) {
> + bt_uuid_t *uuid = g_try_malloc(sizeof(*uuid));
> +
> + if (!uuid)
> + goto failed;
> +
> + if (bt_string_to_uuid(uuid, *uuids)) {
> +
> + btd_error(admin_policy->adapter_id,
> + "Failed to convert '%s' to uuid struct",
> + *uuids);
> +
> + g_free(uuid);
> + goto failed;
> + }
> +
> + queue_push_tail(uuid_list, uuid);
> + uuids++;
> + }
> +
> + if (!service_allowlist_set(admin_policy, uuid_list))
> + goto failed;
> +
> + return;
> +failed:
> + free_service_allowlist(uuid_list);
> +}
> +
> +static void load_policy_settings(struct btd_admin_policy *admin_policy)
> +{
> + GKeyFile *key_file;
> + char *filename = ADMIN_POLICY_STORAGE;
> + struct stat st;
> +
> + if (stat(filename, &st) < 0) {
> + btd_error(admin_policy->adapter_id,
> + "Failed to get file %s information",
> + filename);
> + return;
> + }
> +
> + key_file = g_key_file_new();
> +
> + g_key_file_load_from_file(key_file, filename, 0, NULL);
> +
> + key_file_load_service_allowlist(key_file, admin_policy);
> +
> + g_key_file_free(key_file);
> +}
> +
> static bool device_data_match(const void *a, const void *b)
> {
> const struct device_data *data = a;
> @@ -305,6 +469,7 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter)
> if (!policy_data)
> return -ENOMEM;
>
> + load_policy_settings(policy_data);
> adapter_path = adapter_get_path(adapter);
>
> if (!g_dbus_register_interface(dbus_conn, adapter_path,
> --
> 2.32.0.554.ge1b32706d8-goog
>
--
Luiz Augusto von Dentz
next prev parent reply other threads:[~2021-08-02 18:51 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-02 6:12 [Bluez PATCH v7 00/13] Admin policy series Howard Chung
2021-08-02 6:12 ` [Bluez PATCH v7 01/13] core: add is_allowed property in btd_service Howard Chung
2021-08-02 6:50 ` Admin policy series bluez.test.bot
2021-08-02 6:12 ` [Bluez PATCH v7 02/13] core: add adapter and device allowed_uuid functions Howard Chung
2021-08-02 6:12 ` [Bluez PATCH v7 03/13] mcap: add adapter authorization Howard Chung
2021-08-02 18:49 ` Luiz Augusto von Dentz
2021-08-02 6:12 ` [Bluez PATCH v7 04/13] core: block not allowed UUID connect in auth Howard Chung
2021-08-02 6:12 ` [Bluez PATCH v7 05/13] core: add device_added and device_removed to adapter driver Howard Chung
2021-08-02 6:12 ` [Bluez PATCH v7 06/13] plugins: new plugin Howard Chung
2021-08-02 6:12 ` [Bluez PATCH v7 07/13] plugins/admin: add admin_policy adapter driver Howard Chung
2021-08-02 6:12 ` [Bluez PATCH v7 08/13] plugins/admin: add ServiceAllowList method Howard Chung
2021-08-02 6:12 ` [Bluez PATCH v7 09/13] plugins/admin: add ServiceAllowList property Howard Chung
2021-08-02 6:12 ` [Bluez PATCH v7 10/13] plugins/admin: add device callbacks Howard Chung
2021-08-02 6:12 ` [Bluez PATCH v7 11/13] plugins/admin: add AffectedByPolicy property Howard Chung
2021-08-02 6:12 ` [Bluez PATCH v7 12/13] plugins/admin: persist policy settings Howard Chung
2021-08-02 18:51 ` Luiz Augusto von Dentz [this message]
2021-08-02 6:12 ` [Bluez PATCH v7 13/13] doc: add description of admin policy Howard Chung
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CABBYNZ+8193HOT3YZFigdAjRPQNpkbAFDsdE35zBdKZYEaARhg@mail.gmail.com \
--to=luiz.dentz@gmail.com \
--cc=howardchung@chromium.org \
--cc=howardchung@google.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=mcchou@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).