Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp336868ybh; Mon, 9 Mar 2020 23:07:38 -0700 (PDT) X-Google-Smtp-Source: ADFU+vtJzqBj+zVQlXujklwY5KlQIP0MQ3SkkaRaLENv1M1PT4by47Zvaqz6z3jXSauSwY3Y21S7 X-Received: by 2002:a05:6808:b30:: with SMTP id t16mr34585oij.117.1583820458308; Mon, 09 Mar 2020 23:07:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1583820458; cv=none; d=google.com; s=arc-20160816; b=Wokyeot5Q6t07M92rhUS0+by7KzsAraRCBfyHnHSeJwzWnVq3ej9yy/LNXoqLzlU0y 9oLMooA6PFqeXQwXMGeD8obX8p1wLwJMaXic2zpJq1VA1ZEHAt7f8Jy+ECxfurEqDXvx o4oXOsIuGLTWi/vljaI5pevgPKadfaDAaUIGIBFx+ws0dwVUSXQpIgfMDeoZIhYP2zkL ONTaly0wqAJMSVbTYdSKzROqGODp9Ubtuc8dIql/eykI7W7EzCfxFJdgvfATLAwDaSFm CzdoBUYtFnOY53vLYMzyFLnKe4j7GKcqxg0bgrI22aMmQd9DIQkeJiannIF3gaLNdSAs YQfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=kMsB7ODugHJLMK1rCXKFSOq1ym/jlDUVx64dEEGLh6c=; b=MGKvUwzbSq/FIve4W+TNg30z2+XmZhe4tcoiaYAx/Az/VVebft0yTY9aKrW6/FIXYH aDQ2txfKf6vePWd8aTV5FAyReUWwGtwxxC9IDYRzM06Tm+bn1pOqxg7ejkcDUb9wrnkO zzStJQ9tzrqgDrPhXVo6WBlnif2GnVJ5mbAJk/RvfnU4NdPdTY/2HHSUVygV70LSwWWa unYafGqnWFIflaQtA/m9fLc5jw5PIcmnWp5TaqVdTIJdOt4dxdfBXxpaQFvenTNEh+3Z yae00JWsOyAMjOexblUBjqYmSCKrAhEHUsVNJgbnbp9rDQNHgjesRfYwnUzYd5S/ZZo0 kdPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RQd0lRce; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e6si4710432oig.223.2020.03.09.23.07.11; Mon, 09 Mar 2020 23:07:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RQd0lRce; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726100AbgCJGFM (ORCPT + 99 others); Tue, 10 Mar 2020 02:05:12 -0400 Received: from mail-ot1-f68.google.com ([209.85.210.68]:34012 "EHLO mail-ot1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726202AbgCJGFL (ORCPT ); Tue, 10 Mar 2020 02:05:11 -0400 Received: by mail-ot1-f68.google.com with SMTP id j16so12096896otl.1 for ; Mon, 09 Mar 2020 23:05:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kMsB7ODugHJLMK1rCXKFSOq1ym/jlDUVx64dEEGLh6c=; b=RQd0lRceslnJ5JSuvUPDB8/P+V2tBKhEkhTk7+HJSj+DkEmbc0BaXHcup+NaqSiy2i MSxc2jog/5yhtQP+Iz1ofHZc981Dc9mcaZutR5pMWtPiEkNAXAjjXjWKgbvJiQ3zncEo 3oEaBGRblD4uGPZ37TB/A/iYBCQB7avtxTno2BBlg3bV54VTzlC8EgN7JbWcpfBJXRI6 UAgTTqVXGfOXYzpiTv+/AghDuO23XOrRjMLAJi8S9CdZjOhNsyJNa5USPiZD1ZCv+w+l +RnA/xQeJl0afAxRPu4v7t0uLA78UgKlQjSN/6jPaq7MvKQGdF7bXn/UDOaULl6JieiU 71MA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kMsB7ODugHJLMK1rCXKFSOq1ym/jlDUVx64dEEGLh6c=; b=lJEsRDc9yREVnSRqB+WrgUChSF+5ScbKyGmdf98v2K0DHB56tE38f06e5+xF0e9kA0 uzhIsy/OAk0Yc4bt3vBelcrcRvlDwn8avkQDjTnKkGi+W1g2ymfm5L0aOUKyREbBekx1 Gozt5ox68wbShcfX+j9xDA8iwurtKXqafwdCU6SDuAafs743vGa74EEbpzQOK8s9bU0B F905jXJzakzGRM370n+TMpqFjWz2yaloV2F0x1VBfiz38MLod450AxQsmrlPpf6arFZV l4bklsi3sdwCZqADNUlF3TEO58mmsmvphUsJIsf4iKqhpGf3lPLijv7IKMT5UMKQgx7R q8LA== X-Gm-Message-State: ANhLgQ0JuJBFY9Kl1iQvfbEZl5xxTwAvstI0w2s1oO8uzDEU4xOmM2fj LMS1bvCrxlEi3uWHzWBOPJeBMK8AO4RF08v7D2Y= X-Received: by 2002:a9d:3f4b:: with SMTP id m69mr14691388otc.146.1583820310905; Mon, 09 Mar 2020 23:05:10 -0700 (PDT) MIME-Version: 1.0 References: <20200310023516.209146-1-alainm@chromium.org> <20200310023516.209146-2-alainm@chromium.org> In-Reply-To: <20200310023516.209146-2-alainm@chromium.org> From: Luiz Augusto von Dentz Date: Mon, 9 Mar 2020 23:04:58 -0700 Message-ID: Subject: Re: [BlueZ PATCH 1/2] HOGP must only accept data from bonded devices. To: Alain Michaud Cc: "linux-bluetooth@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Alain, On Mon, Mar 9, 2020 at 7:37 PM Alain Michaud wrote: > > HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding. > > Reference: > https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm > --- > > profiles/input/hog.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/profiles/input/hog.c b/profiles/input/hog.c > index 83c017dcb..dfac68921 100644 > --- a/profiles/input/hog.c > +++ b/profiles/input/hog.c > @@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service) > return -EINVAL; > } > > + /* HOGP 1.0 Section 6.1 requires bonding */ > + if (!device_is_bonded(device, btd_device_get_bdaddr_type(device))) > + return -ECONNREFUSED; Perhaps attempting to elevate the security level would be better than just refuse to attach the instance since otherwise we may end up with connecting services like battery, etc, leaving the device half working. > /* TODO: Replace GAttrib with bt_gatt_client */ > bt_hog_attach(dev->hog, attrib); > > -- > 2.25.1.481.gfbce0eb801-goog > -- Luiz Augusto von Dentz