Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp4209091pxb; Tue, 17 Nov 2020 14:29:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJyp94ZUwwl/DRHOyeSQV4g8lOnnuz/l1ffFtiOCSL6472hxN9KW5blrOFNw6vItawFowhXv X-Received: by 2002:a17:906:7f10:: with SMTP id d16mr21039784ejr.104.1605652145067; Tue, 17 Nov 2020 14:29:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605652145; cv=none; d=google.com; s=arc-20160816; b=HnI5rcXdc+b7hrRB/JjgjUdcBAGuClAWtxu0EcEDTYmMYd8yuG0EGcfa/xEO9Ysh1z tm9ZS7xO/eH/n2Nk33DB1kxmuOqDQtV39PiULt9p6G2C0UBozW3ffTpwWa+4BKU4Cynm wyxyAIf+K6U9F2HWdw8QE1yfkrXuMDrHgZnQgfzdXv7cmcywKLxrKG24V12kMYaZCAnP 6zjaCJHzEfocyXiTtnARcDRaE3rEBxU0GEZDnv9q5KmhMDCpzhPTJPjJr5KCdqW4v54V 19lV/Tm36b6OuhmvuVSWCpkk5gmAV9OUC1VHPTRev0GjLyj50DSnsUBcRd9ajKG17vt8 JWWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=sfSehidBKoYnhdQ5e+wGWEsX6JlizagXvBE2Fj2QX8k=; b=gDpugkYnH7uwVeelSABOw4HngAeVL3zNzQ0+HS9kRVeRa+haVsVJG3qUoTadrX5PX4 fSjiip5X0+bkndDoVaN76Skj0DYdBqZKYRgBAV5pLV8/AgqKA30hVbgiMMkvNMsd9CMr enRqXIBjlVsQ+NM5FIfrnYs6H4XFtCo3HFt7zcmE8PDbj60nCe2b5myK0dBjihlGTxHi lqlHZYL+MLXWv9s7iUJAsbm3Ei9ZBx9gW/VphoTLyekl6JN5cHn81vYJA8+0Q3D81CEC 4g55HSUl8GQ6ftwIzsN31W8L38mTvvAS3FpXgzBA2K3RLcpSPezEi6of404sMXEwrnKE h0RQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="fwpfn/nE"; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r16si11345365ejb.207.2020.11.17.14.28.40; Tue, 17 Nov 2020 14:29:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="fwpfn/nE"; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728748AbgKQW0n (ORCPT + 99 others); Tue, 17 Nov 2020 17:26:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59770 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728640AbgKQW0m (ORCPT ); Tue, 17 Nov 2020 17:26:42 -0500 Received: from mail-ot1-x343.google.com (mail-ot1-x343.google.com [IPv6:2607:f8b0:4864:20::343]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7C734C0613CF for ; Tue, 17 Nov 2020 14:26:42 -0800 (PST) Received: by mail-ot1-x343.google.com with SMTP id g19so21045749otp.13 for ; Tue, 17 Nov 2020 14:26:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sfSehidBKoYnhdQ5e+wGWEsX6JlizagXvBE2Fj2QX8k=; b=fwpfn/nE6Pj+V9dWgkgIyOVDTvP+svQYcwVvYr6JtcSQxznDft30nxn+KJZh0rgZ0V DKc7vZQX1GvQtfasXDLEngjBl5Xz4VBbVbqBuhZKzZZj3PPZRwwHR0LGY6xdS+11ilAM figI5AFVh/4I9SvzTPG6sZVaQeVBpCcYJDP6ZbJ5PhV+nXWH20uAUAT0odSMG/uJ2pT2 jl8Uu3dynjEkEkDqg0poESGUigbYR1ik2k2IqK8ndSSADyhINlmz3keEVifI7Oqo8v0l MsyJoQf1h3CGT4jO43lgNLSQu3v1y8LaUlheskFfRxU7IhjNhFinyFZxpn9/wWKJQIUS zmug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sfSehidBKoYnhdQ5e+wGWEsX6JlizagXvBE2Fj2QX8k=; b=DHPKwaSCJI87W0vT9nWC7L8a0Z/ePLJ9YkggPU2CS/syg3apW+pVCnA0GClzr1F5V8 0bPY1IESZOOhxhtjp90XNVIzdJTFgyr7X2RfSz3pkzCQj3VQu0ZDCdpBTkz4XqPQEOL3 0mSi2VW+rsgThGNSJKrHhAQAHR+2e4+3pOrw8hUegtio+UWgI1ebLJ60pfjyn+Ksjbs2 kcJopdTSd19ymzUw7LwdIhyhgkYqFRv1Da1cM37u2oPdsXdvAibC/v45z0HLKhQlfh2L WjG/mNjMmrB31iqnycb9g3QFQ5GYsr/wW5NbV2VOiF8UAXyUcokM3vdeyDVl0DcW6Cxv Bwzg== X-Gm-Message-State: AOAM5325gPQK0nf3vRvfMnj+6zPTxIzluWA+0zVqILd9GZeXJVIKNZzv bpR+nS8fCt2F/fLI7RfNl4zNPs1RItkZGgcrjjo= X-Received: by 2002:a05:6830:18f8:: with SMTP id d24mr4748731otf.44.1605652001714; Tue, 17 Nov 2020 14:26:41 -0800 (PST) MIME-Version: 1.0 References: <20201111011745.2016-1-sonnysasaka@chromium.org> <20201111011745.2016-7-sonnysasaka@chromium.org> In-Reply-To: From: Luiz Augusto von Dentz Date: Tue, 17 Nov 2020 14:26:30 -0800 Message-ID: Subject: Re: [PATCH BlueZ v2 7/7] battery: Implement Battery Provider API To: Sonny Sasaka Cc: Bastien Nocera , BlueZ , Miao-chen Chou Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Sonny, On Tue, Nov 17, 2020 at 2:20 PM Sonny Sasaka wrote: > > Hi Bastien, > > Thank you for the feedback. Please find my answers below. > > On Tue, Nov 17, 2020 at 2:51 AM Bastien Nocera wrote: > > > > Hey Sonny, > > > > On Tue, 2020-11-10 at 17:17 -0800, Sonny Sasaka wrote: > > > This patch implements the BatteryProvider1 and > > > BatteryProviderManager1 > > > API. This is a means for external clients to feed battery information > > > to > > > BlueZ if they handle some profile and can decode battery reporting. > > > > > > The battery information is then exposed externally via the existing > > > Battery1 interface. UI components can consume this API to display > > > Bluetooth peripherals' battery via a unified BlueZ API. > > > > Was this patch reviewed for potential security problems? From the top > > of my head, the possible problems would be: > > - I don't see any filters on which user could register battery > > providers, so on a multi user system, you could have a user logged in > > via SSH squatting all the battery providers, while the user "at the > > console" can't have their own providers. Also, what happens if the user > > at the console changes (fast user switching)? > > - It looks like battery providers don't check for paired, trusted or > > even connected devices, so I would be able to create nearly unbound > > number of battery providers depending on how big the cache for "seen" > > devices is. > For security, the API can be access-limited at D-Bus level using D-Bus > configuration files. For example, we can let only trusted UNIX users > as the callers for this API. This D-Bus config file would be > distribution-specific. In Chrome OS, for example, only the "audio" and > "power" users are allowed to call this API. This way we can make sure > that the callers do not abuse the API for denial-of-service kind of > attack. I guess there is still some the risk of conflicts even with the use of D-Bus policy blocking roge applications, there could still be multiple entities providing the battery status from the same source, which is why I suggested we couple the Battery1 with the Profile1, so only the entity that has registered to handle let say HFP can provide a battery status and we automatically deduce the source is from HFP. > > > > Given that the interface between upower and bluez is supposedly > > trusted, it might be good to ensure that there are no fuzzing problems > > on the bluez API side that could translate to causing problems in > > upower itself. > Could you give an example of what potential problems of upower can be > caused by communicating with BlueZ through this API? > > > > > I didn't review the code in depth, but, having written this mechanism > > for Bluetooth battery reporting, I think that this is the right way to > > go to allow daemons like pulseaudio to report battery status. > > > > Cheers > > -- Luiz Augusto von Dentz