From patchwork Thu Jul 22 07:23:11 2021
X-Patchwork-Submitter: Yun-hao Chung
X-Patchwork-Id: 484004
Date: Thu, 22 Jul 2021 15:23:11 +0800
In-Reply-To: <20210722072321.1225119-1-howardchung@google.com>
Message-Id: <20210722152159.Bluez.v2.1.Ic71b1ed97538a06d02425ba502690bdab1c5d836@changeid>
Subject: [Bluez PATCH v2 01/11] core: add is_allowed property in btd_service
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Yun-Hao Chung

This adds is_allowed property in btd_service. When is_allowed is set to
false, calling btd_service_connect and service_accept will fail and the
existing service connection gets disconnected.

Reviewed-by: Miao-chen Chou
---
Changes in v2:
- Move bt_uuid_hash and bt_uuid_equal functions to adapter.c.
- Modify the criteria to say a device is `Affected` from any-of-uuid to
  any-of-auto-connect-profile.
- Remove the code to remove/reprobe disallowed/allowed profiles,
  instead, check if the service is allowed in bt_io_accept connect_cb.
- Fix a typo in emit_property_change in
  plugin/admin_policy.c:set_service_allowlist
- Instead of using device_state_cb, utilize D-BUS client to watch device
  added/removed.
- Add a document in doc/

 src/service.c | 33 +++++++++++++++++++++++++++++++++ src/service.h | 2 ++ 2 files changed, 35 insertions(+) diff --git a/src/service.c b/src/service.c index 21a52762e637..84fbb208a7e9 100644 --- a/src/service.c +++ b/src/service.c @@ -41,6 +41,7 @@ struct btd_service { void *user_data; btd_service_state_t state; int err; + bool is_allowed; }; struct service_state_callback { @@ -133,6 +134,7 @@ struct btd_service *service_create(struct btd_device *device, service->device = device; /* Weak ref */ service->profile = profile; service->state = BTD_SERVICE_STATE_UNAVAILABLE; + service->is_allowed = true; return service; } @@ -186,6 +188,12 @@ int service_accept(struct btd_service *service) if (!service->profile->accept) return -ENOSYS; + if (!service->is_allowed) { + info("service %s is not allowed", + service->profile->remote_uuid); + return -ECONNABORTED; + } + err = service->profile->accept(service); if (!err) goto done; 
@@ -245,6 +253,12 @@ int btd_service_connect(struct btd_service *service) return -EBUSY; } + if (!service->is_allowed) { + info("service %s is not allowed", + service->profile->remote_uuid); + return -ECONNABORTED; + } + err = profile->connect(service); if (err == 0) { change_state(service, BTD_SERVICE_STATE_CONNECTING, 0); @@ -361,6 +375,25 @@ bool btd_service_remove_state_cb(unsigned int id) return false; } +void btd_service_set_allowed(struct btd_service *service, bool allowed) +{ + if (allowed == service->is_allowed) + return; + + service->is_allowed = allowed; + + if (!allowed && (service->state == BTD_SERVICE_STATE_CONNECTING || + service->state == BTD_SERVICE_STATE_CONNECTED)) { + btd_service_disconnect(service); + return; + } +} + +bool btd_service_is_allowed(struct btd_service *service) +{ + return service->is_allowed; +} + void btd_service_connecting_complete(struct btd_service *service, int err) { if (service->state != BTD_SERVICE_STATE_DISCONNECTED && diff --git a/src/service.h b/src/service.h index 88530cc17d53..5a2a02447b24 100644 --- a/src/service.h +++ b/src/service.h 
@@ -51,6 +51,8 @@ int btd_service_get_error(const struct btd_service *service); unsigned int btd_service_add_state_cb(btd_service_state_cb cb, void *user_data); bool btd_service_remove_state_cb(unsigned int id); +void btd_service_set_allowed(struct btd_service *service, bool allowed); +bool btd_service_is_allowed(struct btd_service *service); /* Functions used by profile implementation */ void btd_service_connecting_complete(struct btd_service *service, int err);
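
Review bot: In btd_service_set_allowed() (src/service.c, the @@ -361,6 +375,25 @@ hunk) the return value of btd_service_disconnect() is discarded, so if the disconnect fails the service stays in CONNECTING or CONNECTED with is_allowed already set to false and nothing records it. Check the result and at least log the failure, since this is the path that is meant to tear down a connection that policy no longer permits. The `return;` inside that `if` is also redundant, as it is the last statement of the function.
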
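
Review bot: btd_service_is_allowed() in src/service.h takes a non-const `struct btd_service *`, while the getter declared in the context just above it, btd_service_get_error(), takes `const struct btd_service *`. The function only reads is_allowed, so declare the parameter const in both the header and src/service.c to match the existing getters.
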
From patchwork Thu Jul 22 07:23:13 2021
X-Patchwork-Submitter: Yun-hao Chung
X-Patchwork-Id: 484003
Date: Thu, 22 Jul 2021 15:23:13 +0800
In-Reply-To: <20210722072321.1225119-1-howardchung@google.com>
Message-Id:
 <20210722152159.Bluez.v2.3.I1f8afde9aafc699f5b3ad3b51d672f0416823d50@changeid>
Subject: [Bluez PATCH v2 03/11] profiles: ignore incoming connection of not allowed service
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Yun-Hao Chung

Bluez listens for incoming connections for each profile. This patch
ignores them if the service is not allowed by adapter.

Reviewed-by: Miao-chen Chou
---

Hi maintainers,

In previous work of service_api, it blocks incoming connections by
adding a check in profile authorization callback. This doesn't work for
every profile, since some profile (e.g. health) doesn't need
authorization. This change adds check to each profile. I understand it's
not a very clean solution. Please let me know if you have other
thoughts. Thanks.

The following test steps were performed after enabling admin_policy
plugin:
1. Set ServiceAllowList to ["1234"].
2. Turn on a paired classic keyboard. Verify it can not be connected.
3. Set ServiceAllowList to ["1800","1801","180A","180F","1812"]
4. Turn off and turn on the keyboard. Verify it can be connected.

(no changes since v1)

 Makefile.tools | 1 + profiles/audio/a2dp.c | 6 ++++++ profiles/audio/avctp.c | 7 +++++++ profiles/health/mcap.c | 10 +++++++++- profiles/input/server.c | 10 ++++++++++ src/profile.c | 12 ++++++++++++ 6 files changed, 45 insertions(+), 1 deletion(-) diff --git a/Makefile.tools b/Makefile.tools index c836b5984934..55684824fb91 100644 --- a/Makefile.tools +++ b/Makefile.tools 
@@ -235,6 +235,7 @@ tools_btiotest_LDADD = lib/libbluetooth-internal.la $(GLIB_LIBS) tools_mcaptest_SOURCES = tools/mcaptest.c \ btio/btio.h btio/btio.c \ src/log.c src/log.h \ + src/adapter.c src/adapter.h \ profiles/health/mcap.h profiles/health/mcap.c tools_mcaptest_LDADD = lib/libbluetooth-internal.la $(GLIB_LIBS) \ src/libshared-mainloop.la -lrt diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c index 86bc02994f75..73cf210475bd 100644 --- a/profiles/audio/a2dp.c +++ b/profiles/audio/a2dp.c @@ -2386,6 +2386,12 @@ static void confirm_cb(GIOChannel *io, gpointer data) return; } + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), + ADVANCED_AUDIO_UUID)) { + info("A2DP is not allowed. Ignoring the incoming connection"); + return; + } + chan = channel_new(server, device, io); if (!chan) goto drop; diff --git a/profiles/audio/avctp.c b/profiles/audio/avctp.c index 50de3361818f..044c10d213ac 100644 --- a/profiles/audio/avctp.c +++ b/profiles/audio/avctp.c @@ -1587,6 +1587,13 @@ static void avctp_confirm_cb(GIOChannel *chan, gpointer data) DBG("AVCTP: incoming connect from %s", address); + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), + AVRCP_REMOTE_UUID)) { + info("AVRCP REMOTE is not allowed. " + "Ignoring the incoming connection"); + return; + } + device = btd_adapter_find_device(adapter_find(&src), &dst, BDADDR_BREDR); if (!device) diff --git a/profiles/health/mcap.c b/profiles/health/mcap.c index be13af37a0b8..1799d73e6648 100644 --- a/profiles/health/mcap.c +++ b/profiles/health/mcap.c @@ -23,8 +23,10 @@ #include #include "lib/bluetooth.h" +#include "lib/uuid.h" #include "bluetooth/l2cap.h" #include "btio/btio.h" +#include "src/adapter.h" #include "src/log.h" #include "src/shared/timeout.h" @@ -2010,7 +2012,7 @@ static void connect_mcl_event_cb(GIOChannel *chan, GError *gerr, { struct mcap_instance *mi = user_data; struct mcap_mcl *mcl; - bdaddr_t dst; + bdaddr_t src, dst; char address[18], srcstr[18]; GError *err = NULL; 
@@ -2018,6 +2020,7 @@ static void connect_mcl_event_cb(GIOChannel *chan, GError *gerr, return; bt_io_get(chan, &err, + BT_IO_OPT_SOURCE_BDADDR, &src, BT_IO_OPT_DEST_BDADDR, &dst, BT_IO_OPT_DEST, address, BT_IO_OPT_INVALID); @@ -2027,6 +2030,11 @@ static void connect_mcl_event_cb(GIOChannel *chan, GError *gerr, goto drop; } + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), HDP_UUID)) { + info("HID is not allowed. Ignoring the incoming connection"); + return; + } + ba2str(&mi->src, srcstr); mcl = find_mcl(mi->mcls, &dst); if (mcl) { diff --git a/profiles/input/server.c b/profiles/input/server.c index 79cf08a66b38..94d06a383578 100644 --- a/profiles/input/server.c +++ b/profiles/input/server.c @@ -156,6 +156,11 @@ static void connect_event_cb(GIOChannel *chan, GError *err, gpointer data) ba2str(&dst, address); DBG("Incoming connection from %s on PSM %d", address, psm); + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), HID_UUID)) { + info("HID is not allowed. Ignoring the incoming connection"); + return; + } + ret = input_device_set_channel(&src, &dst, psm, chan); if (ret == 0) return; @@ -234,6 +239,11 @@ static void confirm_event_cb(GIOChannel *chan, gpointer user_data) return; } + if (!btd_adapter_is_uuid_allowed(adapter_find(&src), HID_UUID)) { + info("HID is not allowed. Ignoring the incoming connection"); + return; + } + ba2str(&dst, addr); if (server->confirm) { diff --git a/src/profile.c b/src/profile.c index 60d17b6ae657..58500c74746d 100644 --- a/src/profile.c +++ b/src/profile.c @@ -1249,6 +1249,11 @@ static void ext_confirm(GIOChannel *io, gpointer user_data) DBG("incoming connect from %s", addr); + if (btd_adapter_is_uuid_allowed(adapter_find(&src), uuid)) { + info("UUID %s is not allowed. Igoring the connection", uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return; 
@@ -1272,6 +1277,7 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) struct ext_profile *ext = server->ext; GError *gerr = NULL; struct ext_io *conn; + const char *uuid = ext->service ? ext->service : ext->uuid; bdaddr_t src, dst; bt_io_get(io, &gerr, 
@@ -1285,6 +1291,12 @@ static void ext_direct_connect(GIOChannel *io, GError *err, gpointer user_data) return; } + if (btd_adapter_is_uuid_allowed(adapter_find(&src), ext->uuid)) { + info("UUID %s is not allowed. Igoring the connection", + ext->uuid); + return; + } + conn = create_conn(server, io, &src, &dst); if (conn == NULL) return;
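
Review bot: Both checks added in src/profile.c, in ext_confirm() and in ext_direct_connect(), are missing the negation. `if (btd_adapter_is_uuid_allowed(adapter_find(&src), uuid))` returns early when the UUID is allowed and lets the connection proceed when it is not, which is the opposite of the a2dp, avctp, mcap and input hunks, all of which test `!btd_adapter_is_uuid_allowed(...)`. Add the `!` in both places. In ext_direct_connect() the new local `uuid` (ext->service if set, otherwise ext->uuid) is declared but the check and the log line use ext->uuid, so either use `uuid` there as ext_confirm() does or drop the variable. The log string in both places also misspells "Ignoring" as "Igoring".
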
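
Review bot: In profiles/health/mcap.c, connect_mcl_event_cb() checks HDP_UUID but logs "HID is not allowed"; the message should name HDP so the log points at the right profile. The new branch also leaves with a bare `return`, while the bt_io_get() failure path directly above it uses `goto drop`, and the same applies in a2dp confirm_cb(), where the channel_new() failure right after the new check goes to `drop`. Please confirm that returning without the drop path does not leave the incoming channel open for a connection that policy has rejected, and route the rejection through `drop` if it does.
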
From patchwork Thu Jul 22 07:23:14 2021
X-Patchwork-Submitter: Yun-hao Chung
X-Patchwork-Id: 484002
Date: Thu, 22 Jul 2021 15:23:14 +0800
In-Reply-To: <20210722072321.1225119-1-howardchung@google.com>
Message-Id: <20210722152159.Bluez.v2.4.Id0842634d98a21fbdfa5cc72c76a462a98bf6f40@changeid>
Subject: [Bluez PATCH v2 04/11] plugins: new plugin
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Yun-Hao Chung

This adds initial code for a new plugin admin_policy.

Reviewed-by: Miao-chen Chou
---

(no changes since v1)

 Makefile.plugins | 5 +++++ bootstrap-configure | 1 + configure.ac | 4 ++++ plugins/admin_policy.c | 30 ++++++++++++++++++++++++++++++ 4 files changed, 40 insertions(+) create mode 100644 plugins/admin_policy.c diff --git a/Makefile.plugins b/Makefile.plugins index 4e6a72b0bdf6..b6be0e0d559d 100644 --- a/Makefile.plugins +++ b/Makefile.plugins @@ -11,6 +11,11 @@ builtin_sources += plugins/autopair.c builtin_modules += policy builtin_sources += plugins/policy.c +if ADMIN_POLICY +builtin_modules += admin_policy +builtin_sources += plugins/admin_policy.c +endif + if NFC builtin_modules += neard builtin_sources += plugins/neard.c diff --git a/bootstrap-configure b/bootstrap-configure index 0efd83abc2c4..89c0747b0256 100755 --- a/bootstrap-configure +++ b/bootstrap-configure @@ -30,4 +30,5 @@ fi --enable-pie \ --enable-cups \ --enable-library \ + --enable-admin_policy \ --disable-datafiles $* diff --git a/configure.ac b/configure.ac index be32782a641d..53ed8911f95c 100644 --- a/configure.ac +++ b/configure.ac 
@@ -364,6 +364,10 @@ AC_ARG_ENABLE(logger, AC_HELP_STRING([--enable-logger], [enable HCI logger service]), [enable_logger=${enableval}]) AM_CONDITIONAL(LOGGER, test "${enable_logger}" = "yes") +AC_ARG_ENABLE(admin_policy, AC_HELP_STRING([--enable-admin_policy], + [enable admin policy plugin]), [enable_admin_policy=${enableval}]) +AM_CONDITIONAL(ADMIN_POLICY, test "${enable_admin_policy}" = "yes") + if (test "${prefix}" = "NONE"); then dnl no prefix and no localstatedir, so default to /var if (test "$localstatedir" = '${prefix}/var'); then diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c new file mode 100644 index 000000000000..dd8d8973636f --- /dev/null +++ b/plugins/admin_policy.c 
@@ -0,0 +1,30 @@ +// SPDX-License-Identifier: LGPL-2.1-or-later +/* + * + * BlueZ - Bluetooth protocol stack for Linux + * + * Copyright (C) 2021 Google LLC + * + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "src/log.h" +#include "src/plugin.h" + +static int admin_policy_init(void) +{ + DBG(""); +} + +static void admin_policy_exit(void) +{ + DBG(""); +} + +BLUETOOTH_PLUGIN_DEFINE(admin_policy, VERSION, + BLUETOOTH_PLUGIN_PRIORITY_DEFAULT, + admin_policy_init, admin_policy_exit)
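
Review bot: admin_policy_init() in the new plugins/admin_policy.c is declared `static int` but its body is only `DBG("");` with no return statement, so the value it hands back to whatever calls the init function registered through BLUETOOTH_PLUGIN_DEFINE is undefined. Add `return 0;` after the DBG call so the plugin reports success deterministically.
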
From patchwork Thu Jul 22 07:23:17 2021
X-Patchwork-Submitter: Yun-hao Chung
X-Patchwork-Id: 484000
Date: Thu, 22
 Jul 2021 15:23:17 +0800
In-Reply-To: <20210722072321.1225119-1-howardchung@google.com>
Message-Id: <20210722152159.Bluez.v2.7.I00fd6c348e4c93501de6de0eae0d23436fd3895b@changeid>
Subject: [Bluez PATCH v2 07/11] plugins/admin_policy: add ServiceAllowList property
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com
Cc: Yun-Hao Chung, Miao-chen Chou
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Yun-Hao Chung

This adds code to register interface org.bluez.AdminPolicyStatus.
The interface will provide read-only properties to indicate the current
settings of admin policies. We separate this from AdminPolicySet so that
normal clients can check current policy settings while only a few
clients can change policies.

This patch also adds readonly property ServiceAllowlist to
AdminPolicyStatus1, which indicates the current setting of service
allowlist.

Reviewed-by: Miao-chen Chou
---
The following test steps were performed:
1. Set ServiceAllowList to ["1124","180A","180F","1812"]
2. Verify ServiceAllowList is ["1124","180A","180F","1812"] in UUID-128
   form
3. Set ServiceAllowList to []
4. Verify ServiceAllowList is []

(no changes since v1)

 plugins/admin_policy.c | 58 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c index 242b8d5dacb0..270d42366cd6 100644 --- a/plugins/admin_policy.c +++ b/plugins/admin_policy.c @@ -27,6 +27,7 @@ #include "src/shared/queue.h" #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" +#define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" static DBusConnection *dbus_conn; 
@@ -151,6 +152,11 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, return btd_error_failed(msg, "service_allowlist_set failed"); } + g_dbus_emit_property_changed(dbus_conn, + adapter_get_path(policy_data->adapter), + ADMIN_POLICY_STATUS_INTERFACE, + "ServiceAllowList"); + return dbus_message_new_method_return(msg); } @@ -160,6 +166,43 @@ static const GDBusMethodTable admin_policy_adapter_methods[] = { { } }; +void append_service_uuid(void *data, void *user_data) +{ + bt_uuid_t *uuid = data; + DBusMessageIter *entry = user_data; + char uuid_str[MAX_LEN_UUID_STR]; + const char *uuid_str_ptr = uuid_str; + + if (!uuid) { + error("Unexpected NULL uuid data in service_allowlist"); + return; + } + + bt_uuid_to_string(uuid, uuid_str, MAX_LEN_UUID_STR); + dbus_message_iter_append_basic(entry, DBUS_TYPE_STRING, &uuid_str_ptr); +} + +static gboolean property_get_service_allowlist( + const GDBusPropertyTable *property, + DBusMessageIter *iter, void *user_data) +{ + struct btd_admin_policy *admin_policy = user_data; + DBusMessageIter entry; + + dbus_message_iter_open_container(iter, DBUS_TYPE_ARRAY, + DBUS_TYPE_STRING_AS_STRING, &entry); + queue_foreach(admin_policy->service_allowlist, append_service_uuid, + &entry); + dbus_message_iter_close_container(iter, &entry); + + return TRUE; +} + +static const GDBusPropertyTable admin_policy_adapter_properties[] = { + { "ServiceAllowList", "as", property_get_service_allowlist }, + { } +}; + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { if (policy_data) { 
@@ -185,6 +228,21 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) btd_info(policy_data->adapter_id, "Admin Policy Set interface registered"); + + if (!g_dbus_register_interface(dbus_conn, adapter_get_path(adapter), + ADMIN_POLICY_STATUS_INTERFACE, + NULL, NULL, + admin_policy_adapter_properties, + policy_data, admin_policy_free)) { + btd_error(policy_data->adapter_id, + "Admin Policy Status interface init failed on path %s", + adapter_get_path(adapter)); + return -EINVAL; + } + + btd_info(policy_data->adapter_id, + "Admin Policy Status interface registered"); + return 0; }
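
Review bot: In admin_policy_adapter_probe() the failure path for ADMIN_POLICY_STATUS_INTERFACE returns -EINVAL without unwinding, although the context line just above shows the Admin Policy Set interface is already registered on the same adapter path at that point. Unregister the Set interface on this error path so a failed probe does not leave the policy-setting interface exposed on its own. The new call also passes policy_data with admin_policy_free as the destroy callback; if the Set interface registration above it does the same, policy_data would be freed twice when both interfaces are unregistered, so only one of the two registrations should own it.
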
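
Review bot: append_service_uuid() in the @@ -160,6 +166,43 @@ hunk is defined without `static` even though it is only used as the queue_foreach() callback in property_get_service_allowlist() in the same file, and the other functions added here are static. Make it static. The result of bt_uuid_to_string() is also not checked before uuid_str is appended to the D-Bus reply; bail out with an error log if the conversion fails, as the NULL check above it already does.
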
g16mr39589670qvo.5.1626938634690; Thu, 22 Jul 2021 00:23:54 -0700 (PDT) Date: Thu, 22 Jul 2021 15:23:18 +0800 In-Reply-To: <20210722072321.1225119-1-howardchung@google.com> Message-Id: <20210722152159.Bluez.v2.8.I517e5199ac8019b770c7ee8c92a294ec1c752748@changeid> Mime-Version: 1.0 References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [Bluez PATCH v2 08/11] plugins/admin_policy: listen for device add and remove From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds an D-BUS client to listen for DeviceAdd and DeviceRemove. It is necessary for implementation of "AffectedByPolicy" property since it needs to register an interface for each device object and unregister it once the device gets removed. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. start discovery using UI 2. verify device_data were added by checking system log 3. stop discovery 4. verify device_data were removed after a few seconds by checking system log (no changes since v1) plugins/admin_policy.c | 154 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 150 insertions(+), 4 deletions(-) diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c index 270d42366cd6..73d695ef976b 100644 --- a/plugins/admin_policy.c +++ b/plugins/admin_policy.c @@ -20,6 +20,7 @@ #include "src/adapter.h" #include "src/dbus-common.h" +#include "src/device.h" #include "src/error.h" #include "src/log.h" #include "src/plugin.h" 
@@ -29,7 +30,12 @@ #define ADMIN_POLICY_SET_INTERFACE "org.bluez.AdminPolicySet1" #define ADMIN_POLICY_STATUS_INTERFACE "org.bluez.AdminPolicyStatus1" +#define DBUS_BLUEZ_SERVICE "org.bluez" +#define BTD_DEVICE_INTERFACE "org.bluez.Device1" + static DBusConnection *dbus_conn; +static GDBusClient *dbus_client; +static struct queue *devices; /* List of struct device_data objects */ /* |policy_data| has the same life cycle as btd_adapter */ static struct btd_admin_policy { @@ -38,6 +44,11 @@ static struct btd_admin_policy { struct queue *service_allowlist; } *policy_data = NULL; +struct device_data { + struct btd_device *device; + char *path; +}; + static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) { struct btd_admin_policy *admin_policy = NULL; 
@@ -203,8 +214,122 @@ static const GDBusPropertyTable admin_policy_adapter_properties[] = { { } }; +static bool device_data_match(const void *a, const void *b) +{ + const struct device_data *data = a; + const struct btd_device *dev = b; + + if (!data) { + error("Unexpected NULL device_data"); + return false; + } + + return data->device == dev; +} + +static bool device_data_match_by_path(const void *a, const void *b) +{ + const struct device_data *data = a; + const char *path = b; + + if (!data) { + error("Unexpected NULL device_data"); + return false; + } + + return strcmp(data->path, b) == 0; +} + +static void free_device_data(void *data) +{ + struct device_data *device_data = data; + + g_free(device_data->path); + g_free(device_data); +} + +static void remove_device_data(void *data) +{ + struct device_data *device_data = data; + + DBG("device_data for %s removing", device_data->path); + + queue_remove(devices, device_data); + free_device_data(device_data); +} + +static void add_device_data(struct btd_device *device) +{ + struct btd_adapter *adapter = device_get_adapter(device); + struct device_data *data; + + if (queue_find(devices, device_data_match, device)) + return; + + data = g_new0(struct device_data, 1); + if (!data) { + btd_error(btd_adapter_get_index(adapter), + "Failed to allocate memory for device_data"); + return; + } + + data->device = device; + data->path = g_strdup(device_get_path(device)); + queue_push_tail(devices, data); + + DBG("device_data for %s added", data->path); +} + +static struct btd_device *find_device_by_proxy(GDBusProxy *proxy) +{ + const char *path = g_dbus_proxy_get_path(proxy); + const char *iface = g_dbus_proxy_get_interface(proxy); + struct btd_device *device; + + if (strcmp(iface, BTD_DEVICE_INTERFACE) != 0) + return NULL; + + device = btd_adapter_find_device_by_path(policy_data->adapter, path); + + if (!device) { + btd_warn(adapter_get_path(policy_data->adapter), + "Device path %s is not found", path); + } + + return device; 
+} + +static void object_added_cb(GDBusProxy *proxy, void *user_data) +{ + struct btd_device *device; + + device = find_device_by_proxy(proxy); + + if (!device) + return; + + add_device_data(device); +} + +static void object_removed_cb(GDBusProxy *proxy, void *user_data) +{ + const char *path = g_dbus_proxy_get_path(proxy); + const char *iface = g_dbus_proxy_get_interface(proxy); + struct device_data *data; + + if (strcmp(iface, BTD_DEVICE_INTERFACE) != 0) + return; + + data = queue_find(devices, device_data_match_by_path, path); + + if (data) + remove_device_data(data); +} + static int admin_policy_adapter_probe(struct btd_adapter *adapter) { + const char *adapter_path; + if (policy_data) { btd_warn(policy_data->adapter_id, "Policy data already exists"); 
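Review bot: In find_device_by_proxy() the btd_warn() call passes adapter_get_path(policy_data->adapter), a string, as its first argument, while the other btd_warn()/btd_error()/btd_info() calls in this file pass the adapter index (policy_data->adapter_id or btd_adapter_get_index(adapter)); use policy_data->adapter_id here. In device_data_match_by_path() the local `path` is assigned but the comparison is `strcmp(data->path, b)`, so either compare against `path` or drop the variable. In add_device_data() the `if (!data)` branch after g_new0() is unreachable, because g_new0() aborts on allocation failure instead of returning NULL, and can be removed.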
@@ -216,33 +341,43 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter) if (!policy_data) return -ENOMEM; - if (!g_dbus_register_interface(dbus_conn, adapter_get_path(adapter), + adapter_path = adapter_get_path(adapter); + + if (!g_dbus_register_interface(dbus_conn, adapter_path, ADMIN_POLICY_SET_INTERFACE, admin_policy_adapter_methods, NULL, NULL, policy_data, admin_policy_free)) { btd_error(policy_data->adapter_id, "Admin Policy Set interface init failed on path %s", - adapter_get_path(adapter)); + adapter_path); return -EINVAL; } btd_info(policy_data->adapter_id, "Admin Policy Set interface registered"); - if (!g_dbus_register_interface(dbus_conn, adapter_get_path(adapter), + if (!g_dbus_register_interface(dbus_conn, adapter_path, ADMIN_POLICY_STATUS_INTERFACE, NULL, NULL, admin_policy_adapter_properties, policy_data, admin_policy_free)) { btd_error(policy_data->adapter_id, "Admin Policy Status interface init failed on path %s", - adapter_get_path(adapter)); + adapter_path); return -EINVAL; } btd_info(policy_data->adapter_id, "Admin Policy Status interface registered"); + dbus_client = g_dbus_client_new(dbus_conn, DBUS_BLUEZ_SERVICE, + adapter_path); + + g_dbus_client_set_proxy_handlers(dbus_client, object_added_cb, + object_removed_cb, NULL, NULL); + + g_dbus_client_set_ready_watch(dbus_client, NULL, NULL); + return 0; } @@ -257,6 +392,7 @@ static int admin_policy_init(void) DBG(""); dbus_conn = btd_get_dbus_connection(); + devices = queue_new(); return btd_register_adapter_driver(&admin_policy_driver); } 
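Review bot: In the admin_policy_adapter_probe() hunk the result of g_dbus_client_new() is used without a NULL check, and `g_dbus_client_set_ready_watch(dbus_client, NULL, NULL)` installs no callback, so it can be dropped; check dbus_client and fail the probe if creation fails. The same hunk shows ADMIN_POLICY_SET_INTERFACE and ADMIN_POLICY_STATUS_INTERFACE both registered with the same policy_data and admin_policy_free as the destroy callback, and both error paths return -EINVAL with policy_data still set and nothing unregistered. That lets the free run more than once on one pointer and leaves stale state after a failed probe; pass the destroy callback on one registration only and unwind on the error paths.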
@@ -266,9 +402,19 @@ static void admin_policy_exit(void) DBG(""); btd_unregister_adapter_driver(&admin_policy_driver); + queue_destroy(devices, free_device_data); if (policy_data) admin_policy_free(policy_data); + + if (dbus_client) { + g_dbus_client_set_disconnect_watch(dbus_client, NULL, NULL); + g_dbus_client_set_proxy_handlers(dbus_client, NULL, NULL, NULL, + NULL); + g_dbus_client_set_ready_watch(dbus_client, NULL, NULL); + g_dbus_client_unref(dbus_client); + dbus_client = NULL; + } } BLUETOOTH_PLUGIN_DEFINE(admin_policy, VERSION, From patchwork Thu Jul 22 07:23:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yun-hao Chung X-Patchwork-Id: 484001 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1974BC63798 for ; Thu, 22 Jul 2021 07:24:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F402F60551 for ; Thu, 22 Jul 2021 07:24:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230504AbhGVGn4 (ORCPT ); Thu, 22 Jul 2021 02:43:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60998 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230410AbhGVGnv (ORCPT ); Thu, 22 Jul 2021 02:43:51 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) 
Date: Thu, 22 Jul 2021 15:23:19 +0800 In-Reply-To: <20210722072321.1225119-1-howardchung@google.com> Message-Id: <20210722152159.Bluez.v2.9.I570c860f59c8ed66ddb31aa54584ee08080aa10c@changeid> Mime-Version: 1.0 References: <20210722072321.1225119-1-howardchung@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [Bluez PATCH v2 09/11] plugins/admin_policy: add AffectedByPolicy property From: Howard Chung To: linux-bluetooth@vger.kernel.org, luiz.dentz@gmail.com Cc: Yun-Hao Chung , Miao-chen Chou Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Yun-Hao Chung This adds property to indicate if a device has any service that is being blocked by admin policy. Reviewed-by: Miao-chen Chou --- The following test steps were performed: 1. Set ServiceAllowList to [] 2. Verify AffectedByPolicy of K830 is False 3. Set ServiceAllowList to ["1800"] 4. Verify AffectedByPolicy of K830 is False 5. Set ServiceAllowList to ["1800","1801","180A","180F","1812"] 6. Verify AffectedByPolicy of K830 is True (no changes since v1) plugins/admin_policy.c | 74 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 72 insertions(+), 2 deletions(-) diff --git a/plugins/admin_policy.c b/plugins/admin_policy.c index 73d695ef976b..3ce72b56b529 100644 --- a/plugins/admin_policy.c +++ b/plugins/admin_policy.c @@ -47,6 +47,7 @@ static struct btd_admin_policy { struct device_data { struct btd_device *device; char *path; + bool affected; }; static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter) 
@@ -140,6 +141,27 @@ static bool service_allowlist_set(struct btd_admin_policy *admin_policy, return true; } +static void update_device_affected(void *data, void *user_data) +{ + struct device_data *dev_data = data; + bool affected; + + if (!dev_data) { + error("Unexpected NULL device_data when updating device"); + return; + } + + affected = !btd_device_all_services_allowed(dev_data->device); + + if (affected == dev_data->affected) + return; + + dev_data->affected = affected; + + g_dbus_emit_property_changed(dbus_conn, dev_data->path, + ADMIN_POLICY_STATUS_INTERFACE, "AffectedByPolicy"); +} + static DBusMessage *set_service_allowlist(DBusConnection *conn, DBusMessage *msg, void *user_data) { @@ -168,6 +190,8 @@ static DBusMessage *set_service_allowlist(DBusConnection *conn, ADMIN_POLICY_STATUS_INTERFACE, "ServiceAllowList"); + queue_foreach(devices, update_device_affected, NULL); + return dbus_message_new_method_return(msg); } @@ -240,6 +264,29 @@ static bool device_data_match_by_path(const void *a, const void *b) return strcmp(data->path, b) == 0; } +static gboolean property_get_affected_by_policy( + const GDBusPropertyTable *property, + DBusMessageIter *iter, void *user_data) +{ + struct device_data *data = user_data; + dbus_bool_t affected; + + if (!data) { + error("Unexpected error: device_data is NULL"); + return FALSE; + } + + dbus_message_iter_append_basic(iter, DBUS_TYPE_BOOLEAN, + &data->affected); + + return TRUE; +} + +static const GDBusPropertyTable admin_policy_device_properties[] = { + { "AffectedByPolicy", "b", property_get_affected_by_policy }, + { } +}; + static void free_device_data(void *data) { struct device_data *device_data = data; 
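Review bot: property_get_affected_by_policy() passes `&data->affected`, a C `bool`, to dbus_message_iter_append_basic() with DBUS_TYPE_BOOLEAN, which reads a 32-bit dbus_bool_t through that pointer, so the call reads past the (typically one-byte) field and can report a wrong value; the declared `dbus_bool_t affected` is never used. Assign `affected = data->affected;` and pass `&affected` instead.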
@@ -275,11 +322,33 @@ static void add_device_data(struct btd_device *device) data->device = device; data->path = g_strdup(device_get_path(device)); + data->affected = !btd_device_all_services_allowed(data->device); + + if (!g_dbus_register_interface(dbus_conn, data->path, + ADMIN_POLICY_STATUS_INTERFACE, + NULL, NULL, + admin_policy_device_properties, + data, remove_device_data)) { + btd_error(btd_adapter_get_index(adapter), + "Admin Policy Status interface init failed on path %s", + device_get_path(device)); + free_device_data(data); + return; + } + queue_push_tail(devices, data); DBG("device_data for %s added", data->path); } +static void unregister_device_data(void *data, void *user_data) +{ + struct device_data *dev_data = data; + + g_dbus_unregister_interface(dbus_conn, dev_data->path, + ADMIN_POLICY_STATUS_INTERFACE); +} + static struct btd_device *find_device_by_proxy(GDBusProxy *proxy) { const char *path = g_dbus_proxy_get_path(proxy); @@ -323,7 +392,7 @@ static void object_removed_cb(GDBusProxy *proxy, void *user_data) data = queue_find(devices, device_data_match_by_path, path); if (data) - remove_device_data(data); + unregister_device_data(data, NULL); } static int admin_policy_adapter_probe(struct btd_adapter *adapter) @@ -402,7 +471,8 @@ static void admin_policy_exit(void) DBG(""); btd_unregister_adapter_driver(&admin_policy_driver); - queue_destroy(devices, free_device_data); + queue_foreach(devices, unregister_device_data, NULL); + queue_destroy(devices, g_free); if (policy_data) admin_policy_free(policy_data);
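Review bot: In admin_policy_exit() `queue_foreach(devices, unregister_device_data, NULL)` unregisters each interface, and the destroy callback registered in add_device_data(), remove_device_data(), then calls queue_remove(devices, ...) and frees the entry while that same queue is being iterated; either add a comment stating that queue_foreach() tolerates removal of the current entry, or drain the queue with a pop loop. The return value of g_dbus_unregister_interface() is ignored, so an entry whose unregistration fails stays queued, and the following `queue_destroy(devices, g_free)` frees only the struct for it and leaks data->path; keep free_device_data as the destroy function.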