Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp373640pxf;
        Thu, 1 Apr 2021 03:32:38 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzVD4MsxF6ShATT/Z9/RIUXnicCe/1RA2qyB/QIcUkWnufaA459wHsvF7ti0zPm5e9++MlU
X-Received: by 2002:a17:906:e2d4:: with SMTP id gr20mr8472737ejb.432.1617273157986;
        Thu, 01 Apr 2021 03:32:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617273157; cv=none;
        d=google.com; s=arc-20160816;
        b=q9BBEhmYusE71f/HBRUBzIe8FAEV+7n/vNy8doGtSG/ZOZ0iQ4o620GugEjVnVMFPN
         5Na1nWNpPgwbUuV9SP7T2HShuvPdB7/CvoudTPpnMx4MAdHbJ20Lf5RsilSZZdCpajuE
         1nXDukFEvX884+3j1+HvTrLEapjiT743/aoGgQVdoVvEPOjgwC08FeGp/AJ18wbHc7AR
         CDl7+vz6sPW4rHLdonHywF2iNPBstNK/7qAdgr3OWVHd0vSiXjqTFK9EkTjjRPUWD8Is
         eejgX3MWdM4TY4jEc/Q/bjknCmF/89nOVoAsNYXnu1dWnLUowbzTEaDA3oUTwcutld6o
         H2hw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:references:mime-version
         :message-id:in-reply-to:date:dkim-signature;
        bh=7Ua0WliPqrqCi5wQ2LPIjibksmzA56fcFfO1yAgxvpY=;
        b=J3yZdMgAv0W4F8TkAAXTeuTdt1ODGxLMM60BDYiJO+JGwbgD/dr3gvwYcYrL/t+h4N
         g3/duCERlZBUWDyV76+y4yL+X68g9RbCd1IkjLKsWHiu/jzWGOSmy2Li9fXZlrTxxBdi
         KcnQ0EnDl4xL87VGYEv/MTU4kZNuJszQj0zCS5l9lO7el6WH2pKOWTG8yJ+YSEMrx+73
         9eaJbZo5wVbD+VaI/lC11+pZyaSD8C4OrqT6ISs44gUWjsX0AoOMDtBHIFYq30DvPCYD
         8bFGDvvzxMWsg3trnHvLC+kGssnPq+GyUOIC58ft/XatKgsMvrFTMPUMEvvZ1f28WKYp
         qmYA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=Ls3jgrki;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id y10si3608057ejw.185.2021.04.01.03.31.56;
        Thu, 01 Apr 2021 03:32:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=Ls3jgrki;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234089AbhDAK2M (ORCPT <rfc822;mail2rakeshmkos@gmail.com>
        + 99 others); Thu, 1 Apr 2021 06:28:12 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50704 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234071AbhDAK1u (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Thu, 1 Apr 2021 06:27:50 -0400
Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5572DC061797
        for <linux-bluetooth@vger.kernel.org>; Thu,  1 Apr 2021 03:25:32 -0700 (PDT)
Received: by mail-yb1-xb4a.google.com with SMTP id l83so5282722ybf.22
        for <linux-bluetooth@vger.kernel.org>; Thu, 01 Apr 2021 03:25:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=7Ua0WliPqrqCi5wQ2LPIjibksmzA56fcFfO1yAgxvpY=;
        b=Ls3jgrkiwN1iVOtLfboEMAF91oH9HdiyjI2dkZQd1KftC69D1+xE8PvUpgW8I0TLrl
         rERuQOqY7oy6xIDTk8/vGtrCpDbyfkvN8wdiZXzS2g8DbfT9B/hs3YLj1po/XUJyNbTR
         /M179qZlCa5tQ7hNOidB2WCYVa65Nwjz2b1H36hJM80/43UHrqBLQRS9GypM50VqCYOE
         WTmb78r6bt6TR2aJLlhYpofXnuRP3//yhFy52HGbfe9/s9vXQxGq20tyU5hMG/lUJoUY
         m1t1R/wcvEwTRJ/Brxld/mukI7VZWTjuLFJOPNNCkM/9kOMgherFALZK1uTeRUCrinwX
         fpEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=7Ua0WliPqrqCi5wQ2LPIjibksmzA56fcFfO1yAgxvpY=;
        b=H+8A++K7/ZiHviQ4xU4S1uuFIg5bRG+FpmPkuQUCzPguoWqGd4AmYawYfl0aZfCv9V
         FiEnU4zKrDblVvWJyLk7EVREVNZVhqNjjCEWmdmYvyumwK2qwtdwTL3pbfnJZ31ulS3V
         koDTRZ++nO55bA9mQllrLFWtXavPhCwoXG+etKncXc/6qiPcR/RXc6/I8+PlZi/BooIP
         8hnYZeL5VuzoDHdJA5EfrvMnAxQjYUrW7x12zft59mQE+ldlpDA6ZwLOE75rxTOibCnE
         e02xF3LBiY6L09hwhJUIoBKYzwSiy/5LXvVtjkUS3/YEft20EHm6OORfFfwu0L8LP0xT
         +K4A==
X-Gm-Message-State: AOAM533aR9JkEsafmuiyJw87FtGFI5W7YFDg3yVwcHuthBPyTc2CLD+N
        Z1k3ApbDjDQ9359V6mK33IZ2N84tGjmzocodak6BCaYTJXTy2vpZ0nSvVvU5HiCXPS+ARhtJePT
        9Q/hh0T7zA8Mvsto0x59HaRXOevEghZpyKkZJaV1H4CyvNwx1A4c1HFfZBaeA22YHwEOI5g4Zk7
        ShYMOd19C6loU=
X-Received: from howardchung-p920.tpe.corp.google.com ([2401:fa00:1:10:ad88:abe:9fd5:a5fc])
 (user=howardchung job=sendgmr) by 2002:a25:6a83:: with SMTP id
 f125mr10235299ybc.120.1617272731442; Thu, 01 Apr 2021 03:25:31 -0700 (PDT)
Date:   Thu,  1 Apr 2021 18:24:43 +0800
In-Reply-To: <20210401102447.3958224-1-howardchung@google.com>
Message-Id: <20210401182328.Bluez.4.I6981df13b7eda6fd9e0a46f11211565a3826ec95@changeid>
Mime-Version: 1.0
References: <20210401102447.3958224-1-howardchung@google.com>
X-Mailer: git-send-email 2.31.0.291.g576ba9dcdaf-goog
Subject: [Bluez PATCH 4/8] input/hog: block connection by policy
From:   Howard Chung <howardchung@google.com>
To:     linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc:     Howard Chung <howardchung@google.com>,
        Miao-chen Chou <mcchou@chromium.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

This blocks HoG connection if ServiceAllowList is set and some of the
mandatory services are not in the allowlist.

Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
---

 profiles/input/hog.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/profiles/input/hog.c b/profiles/input/hog.c
index d50b823213b5..af4f73daf2b1 100644
--- a/profiles/input/hog.c
+++ b/profiles/input/hog.c
@@ -168,6 +168,27 @@ static void hog_remove(struct btd_service *service)
 	hog_device_free(dev);
 }
 
+static bool mandatory_services_are_allowed(struct btd_service *service)
+{
+	static const char * const mandatory_uuids[] = {DEVICE_INFORMATION_UUID,
+						BATTERY_UUID, HOG_UUID, NULL};
+	struct btd_device *device = btd_service_get_device(service);
+	struct btd_adapter *adapter = device_get_adapter(device);
+	struct btd_profile *p = btd_service_get_profile(service);
+
+	int i;
+
+	for (i = 0; mandatory_uuids[i] != NULL; i++) {
+		if (!btd_adapter_uuid_is_allowed(adapter, mandatory_uuids[i])) {
+			DBG("mandatory service %s is blocked by policy",
+							mandatory_uuids[i]);
+			return false;
+		}
+	}
+
+	return true;
+}
+
 static int hog_accept(struct btd_service *service)
 {
 	struct hog_device *dev = btd_service_get_user_data(service);
@@ -221,6 +242,7 @@ static struct btd_profile hog_profile = {
 	.accept		= hog_accept,
 	.disconnect	= hog_disconnect,
 	.auto_connect	= true,
+	.mandatory_services_are_allowed = mandatory_services_are_allowed,
 };
 
 static int hog_init(void)
-- 
2.31.0.291.g576ba9dcdaf-goog