Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp344760pxb; Thu, 19 Nov 2020 02:45:34 -0800 (PST) X-Google-Smtp-Source: ABdhPJxjfMhNrv97WbNr//INQbx8jWSmjwsnrG3F98o3VKruAuTt+RXWgwalhvUVI13szj//Wbmi X-Received: by 2002:a17:906:1412:: with SMTP id p18mr27984249ejc.480.1605782734588; Thu, 19 Nov 2020 02:45:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605782734; cv=none; d=google.com; s=arc-20160816; b=cQA+LwccoWWyVcU2i3Ljyh7YUpLMKYC0GwYgMYhSnNqJxjLJWgyB/INhh26F/BTLY2 HKB12G8/o79qPXn/SIUs3HHni8e6dTmkKdOMJuTpvrBWxc18RxIW08GXooIBwJ2CyTG0 LI6vwAPcGhW4qcdL0z3YV+Qq5+VDGxMCnUciJhvzI4wPYbAERyyw+tUeYYiSnxn1iIAa 9bpGj3ACGOstLOI+oAnYmFZNL+MSdYmWocGdqvTxDxEVXwFkBZGtykgL00eM6p+ELvLZ 17onf+inBscyhaDdRxVcAao5ofI/IEj4+2xR9v20LlT2eLB/dsqkePVXJ8vQaUZ9DPLO nONw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=XFyl4KGvjmKbGb/hXHDWt1kEYVGdH9HUtjQfB05HELo=; b=ZVN2sZAy2TZsa44IXV2lfeyFRHlIDLX8TJVbzjnoywgIuZmKM5aYFWHkUW2+yt6v84 fAxiRDzidRWTYfec9fowfsPXmWp0x8riJq0XU7omICdheVn3qQSuaDdtBZfKmlN04VE7 Zs1rzWUXdHu7nz1kzsz4duLKiYqjaeuw1QJ8A7Szs7ggaLdZT3TQlujyOeRFmpwG1mg7 lEJCjgblcK+VTIEF1JblnDNkt2V2CrSiJNnwiiLWVw3KhBTIC8ZqUxmtcqsIOclEtnL3 N+ifbrwGm65M7xin6k9wxX89TfXRzul3csDw4zor7x7Sbb91qD4TqtilJEj+2xKUKRmd Qmww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l9si4463804eji.419.2020.11.19.02.44.55; Thu, 19 Nov 2020 02:45:34 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726618AbgKSKou (ORCPT + 99 others); Thu, 19 Nov 2020 05:44:50 -0500 Received: from relay3-d.mail.gandi.net ([217.70.183.195]:35267 "EHLO relay3-d.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726616AbgKSKou (ORCPT ); Thu, 19 Nov 2020 05:44:50 -0500 X-Originating-IP: 82.255.60.242 Received: from [192.168.0.28] (lns-bzn-39-82-255-60-242.adsl.proxad.net [82.255.60.242]) (Authenticated sender: hadess@hadess.net) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 2817060017; Thu, 19 Nov 2020 10:44:47 +0000 (UTC) Message-ID: <815b138fb849b56a5ec71045b54c86f99ed9df2c.camel@hadess.net> Subject: Re: [PATCH BlueZ v2 7/7] battery: Implement Battery Provider API From: Bastien Nocera To: Sonny Sasaka Cc: BlueZ , Miao-chen Chou Date: Thu, 19 Nov 2020 11:44:47 +0100 In-Reply-To: References: <20201111011745.2016-1-sonnysasaka@chromium.org> <20201111011745.2016-7-sonnysasaka@chromium.org> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.1 (3.38.1-1.fc33) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org On Tue, 2020-11-17 at 14:16 -0800, Sonny Sasaka wrote: > Hi Bastien, > > Thank you for the feedback. Please find my answers below. > > On Tue, Nov 17, 2020 at 2:51 AM Bastien Nocera > wrote: > > > > Hey Sonny, > > > > On Tue, 2020-11-10 at 17:17 -0800, Sonny Sasaka wrote: > > > This patch implements the BatteryProvider1 and > > > BatteryProviderManager1 > > > API. This is a means for external clients to feed battery > > > information > > > to > > > BlueZ if they handle some profile and can decode battery > > > reporting. > > > > > > The battery information is then exposed externally via the > > > existing > > > Battery1 interface. UI components can consume this API to display > > > Bluetooth peripherals' battery via a unified BlueZ API. > > > > Was this patch reviewed for potential security problems? From the > > top > > of my head, the possible problems would be: > > - I don't see any filters on which user could register battery > > providers, so on a multi user system, you could have a user logged > > in > > via SSH squatting all the battery providers, while the user "at the > > console" can't have their own providers. Also, what happens if the > > user > > at the console changes (fast user switching)? > > - It looks like battery providers don't check for paired, trusted > > or > > even connected devices, so I would be able to create nearly unbound > > number of battery providers depending on how big the cache for > > "seen" > > devices is. > For security, the API can be access-limited at D-Bus level using D- > Bus > configuration files. For example, we can let only trusted UNIX users > as the callers for this API. This D-Bus config file would be > distribution-specific. In Chrome OS, for example, only the "audio" > and > "power" users are allowed to call this API. This way we can make sure > that the callers do not abuse the API for denial-of-service kind of > attack. That wouldn't solve it, the point is to avoid one user causing problems for another logged in user. If both users are in the audio group, which they'd likely be to be able to use the computer, they'd be able to cause problems to each other. > > > > > Given that the interface between upower and bluez is supposedly > > trusted, it might be good to ensure that there are no fuzzing > > problems > > on the bluez API side that could translate to causing problems in > > upower itself. > Could you give an example of what potential problems of upower can be > caused by communicating with BlueZ through this API? I haven't looked at the code in depth, but I would expect property types to be checked before being exported, rather than relying on the original dbus type matching the expected export type, this sort of thing. > > > > > I didn't review the code in depth, but, having written this > > mechanism > > for Bluetooth battery reporting, I think that this is the right way > > to > > go to allow daemons like pulseaudio to report battery status. > > > > Cheers > >