Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp1157096pxb; Fri, 20 Nov 2020 02:37:12 -0800 (PST) X-Google-Smtp-Source: ABdhPJyUlNUcYWxM/Nng7VAIfCGuCGTVMOYXIlZBQR0vJSrHwN7Srb2Q9PBMK+Yb3e9MB5gEdBeJ X-Received: by 2002:a05:6402:2da:: with SMTP id b26mr33894019edx.176.1605868632666; Fri, 20 Nov 2020 02:37:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605868632; cv=none; d=google.com; s=arc-20160816; b=KOZKB8rLHC61OE/8/gl+sO764IouPd+770KdNhPB7fPRv6i940OYtjCSUzkW/78tnM +DuYk0cjWkTl6prLHyOG8VsqP4uHT+Rfb0g7fUqJPiSmm52wlht3pRduxDy/ZxERtjJm D15kzZgOBR0d/ZN7gnkj5LTW0tqJCRrjsF5BZFLJhv0yGcdFEyL3YluWRF2VwJTbMS4l TGr6fWjVMMPL4f08gRBHyIgfoPaiJIYJPRNM+3meKZj1ALk1a6DCVKAuMg9jGwHbBWT0 jCeE09MUr9hh3CQF67kOPGA8Dz91h9I7deTYcrQ6LZgUXPloWxubQkpUjJ4zSVp6oZnx 2NbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=ovweyKpk/mFHodw4TXcLi0Xl12sKmQB8H8Q4JNova98=; b=XDEI+NFrQsfA6dAaapL5vXd1+bVMyy7dBz6KE0VCHnWR/tl6trP+xIUtbOScTrT2w2 e7xr4dVL2WlGXWzMFsNxuiNeuT3DbfMa+p9YzoZSbgRL1WuphcmjrLx+pfphbGfkSUiY 4uXLLGrm6cvTcCl0bjEbeL7ITPHI0xUvNpPw97z9hsatFyP+DOyLzbwfihZQYUEisbMQ bIFFwLLnKgryWcRywkLcRe65kcDdqZPpt+LZcFGGCJMj8JjD9oQpYYaXoaVkzK5j3Ylb L+vElQP7Ut9r9YAnMgQExLL6AUXGh8NfxedXbwBJUCbLZ9H+Zu+wlT6GkIYdmKBiOrYK GRHQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 93si1594372edm.94.2020.11.20.02.36.35; Fri, 20 Nov 2020 02:37:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725766AbgKTKds (ORCPT + 99 others); Fri, 20 Nov 2020 05:33:48 -0500 Received: from relay3-d.mail.gandi.net ([217.70.183.195]:53425 "EHLO relay3-d.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727163AbgKTKdr (ORCPT ); Fri, 20 Nov 2020 05:33:47 -0500 X-Originating-IP: 82.255.60.242 Received: from [192.168.0.28] (lns-bzn-39-82-255-60-242.adsl.proxad.net [82.255.60.242]) (Authenticated sender: hadess@hadess.net) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id EFD5260006; Fri, 20 Nov 2020 10:33:42 +0000 (UTC) Message-ID: <8b0420db9d7a9ee73c323fb311ee4faadacead1f.camel@hadess.net> Subject: Re: [PATCH BlueZ v2 7/7] battery: Implement Battery Provider API From: Bastien Nocera To: Sonny Sasaka Cc: BlueZ , Miao-chen Chou Date: Fri, 20 Nov 2020 11:33:42 +0100 In-Reply-To: References: <20201111011745.2016-1-sonnysasaka@chromium.org> <20201111011745.2016-7-sonnysasaka@chromium.org> <815b138fb849b56a5ec71045b54c86f99ed9df2c.camel@hadess.net> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.1 (3.38.1-1.fc33) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org On Thu, 2020-11-19 at 12:20 -0800, Sonny Sasaka wrote: > Hi Bastien, > > On Thu, Nov 19, 2020 at 2:44 AM Bastien Nocera > wrote: > > > > On Tue, 2020-11-17 at 14:16 -0800, Sonny Sasaka wrote: > > > Hi Bastien, > > > > > > Thank you for the feedback. Please find my answers below. > > > > > > On Tue, Nov 17, 2020 at 2:51 AM Bastien Nocera > > > > > > wrote: > > > > > > > > Hey Sonny, > > > > > > > > On Tue, 2020-11-10 at 17:17 -0800, Sonny Sasaka wrote: > > > > > This patch implements the BatteryProvider1 and > > > > > BatteryProviderManager1 > > > > > API. This is a means for external clients to feed battery > > > > > information > > > > > to > > > > > BlueZ if they handle some profile and can decode battery > > > > > reporting. > > > > > > > > > > The battery information is then exposed externally via the > > > > > existing > > > > > Battery1 interface. UI components can consume this API to > > > > > display > > > > > Bluetooth peripherals' battery via a unified BlueZ API. > > > > > > > > Was this patch reviewed for potential security problems? From > > > > the > > > > top > > > > of my head, the possible problems would be: > > > > - I don't see any filters on which user could register battery > > > > providers, so on a multi user system, you could have a user > > > > logged > > > > in > > > > via SSH squatting all the battery providers, while the user "at > > > > the > > > > console" can't have their own providers. Also, what happens if > > > > the > > > > user > > > > at the console changes (fast user switching)? > > > > - It looks like battery providers don't check for paired, > > > > trusted > > > > or > > > > even connected devices, so I would be able to create nearly > > > > unbound > > > > number of battery providers depending on how big the cache for > > > > "seen" > > > > devices is. > > > For security, the API can be access-limited at D-Bus level using > > > D- > > > Bus > > > configuration files. For example, we can let only trusted UNIX > > > users > > > as the callers for this API. This D-Bus config file would be > > > distribution-specific. In Chrome OS, for example, only the > > > "audio" > > > and > > > "power" users are allowed to call this API. This way we can make > > > sure > > > that the callers do not abuse the API for denial-of-service kind > > > of > > > attack. > > > > That wouldn't solve it, the point is to avoid one user causing > > problems > > for another logged in user. If both users are in the audio group, > > which > > they'd likely be to be able to use the computer, they'd be able to > > cause problems to each other. > > If I understand your case correctly, both users being in "audio" > group > still won't allow them both to become battery providers because the > D-Bus policy only allows "audio" user and not "audio" group. OK, I guess that means that this is a separate daemon running as a different user, not, say, PulseAudio running in the user's session feeding information. Is that right? Either way, I guess we'll need to test this out once the feature is merged. Apart from the concern about having to duplicate the exported properties, the rest looks good. I've made some additional comments about the architecture in the design document you shared, but those should not have any impact on the implementation. Good job :)