From: "Frédéric Danis" <frederic.danis@collabora.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ v2 8/8] device: apply profile-aware admin allowlist checks for device services
Date: Wed, 15 Jul 2026 11:02:06 +0200 [thread overview]
Message-ID: <20260715090206.212130-9-frederic.danis@collabora.com> (raw)
In-Reply-To: <20260715090206.212130-1-frederic.danis@collabora.com>
Use adapter profile-aware policy mapping when evaluating device service
allowance, so device-side filtering matches adapter-side allowlist
semantics.
This updates device policy checks to call
btd_adapter_is_profile_allowed() instead of directly matching
profile->remote_uuid. It fixes A2DP role-inverted cases where allowing
source UUID policy should still permit connecting to the corresponding
remote sink profile.
Changes:
- Export profile-aware allowlist helper in adapter policy API
- Reuse that helper in device service allowance evaluation and refresh
paths
Behavioral effect:
- admin allowlist decisions remain strict, but now consistent across
adapter profile probing and device connection filtering.
Assisted-by: GPT:GPT-5.3-Codex
---
src/adapter.c | 6 +++---
src/adapter.h | 3 +++
src/device.c | 5 ++---
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/adapter.c b/src/adapter.c
index 843fc7d76..e5b09b5e8 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -5267,7 +5267,7 @@ static const char *profile_allowlist_uuid(const struct btd_profile *profile)
return NULL;
}
-static bool adapter_profile_is_allowed(struct btd_adapter *adapter,
+bool btd_adapter_is_profile_allowed(struct btd_adapter *adapter,
const struct btd_profile *profile)
{
const char *uuid = profile_allowlist_uuid(profile);
@@ -5286,7 +5286,7 @@ static void probe_profile(struct btd_profile *profile, void *data)
if (profile->adapter_probe == NULL)
return;
- if (!adapter_profile_is_allowed(adapter, profile)) {
+ if (!btd_adapter_is_profile_allowed(adapter, profile)) {
DBG("%s blocked by admin allowlist", profile->name);
return;
}
@@ -5311,7 +5311,7 @@ static void reapply_profile(struct btd_profile *profile, void *data)
active = g_slist_find(adapter->profiles, profile) != NULL;
- if (adapter_profile_is_allowed(adapter, profile)) {
+ if (btd_adapter_is_profile_allowed(adapter, profile)) {
if (!active)
probe_profile(profile, adapter);
return;
diff --git a/src/adapter.h b/src/adapter.h
index cec528c56..b5faf611c 100644
--- a/src/adapter.h
+++ b/src/adapter.h
@@ -27,6 +27,7 @@
struct btd_adapter;
struct btd_device;
+struct btd_profile;
struct queue;
struct btd_adapter *btd_adapter_get_default(void);
@@ -295,6 +296,8 @@ bool btd_adapter_set_allowed_uuids(struct btd_adapter *adapter,
struct queue *uuids);
bool btd_adapter_is_uuid_allowed(struct btd_adapter *adapter,
const char *uuid_str);
+bool btd_adapter_is_profile_allowed(struct btd_adapter *adapter,
+ const struct btd_profile *profile);
void btd_adapter_reapply_allowed_uuids(struct btd_adapter *adapter);
void btd_adapter_load_conn_param(struct btd_adapter *adapter,
diff --git a/src/device.c b/src/device.c
index 65d84be56..773cde35a 100644
--- a/src/device.c
+++ b/src/device.c
@@ -2561,7 +2561,7 @@ bool btd_device_all_services_allowed(struct btd_device *dev)
if (!profile || !profile->auto_connect)
continue;
- if (!btd_adapter_is_uuid_allowed(adapter, profile->remote_uuid))
+ if (!btd_adapter_is_profile_allowed(adapter, profile))
return false;
}
@@ -2591,8 +2591,7 @@ void btd_device_update_allowed_services(struct btd_device *dev)
service = l->data;
profile = btd_service_get_profile(service);
- is_allowed = btd_adapter_is_uuid_allowed(adapter,
- profile->remote_uuid);
+ is_allowed = btd_adapter_is_profile_allowed(adapter, profile);
btd_service_set_allowed(service, is_allowed);
}
}
--
2.43.0
prev parent reply other threads:[~2026-07-15 9:02 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-15 9:01 [PATCH BlueZ v2 0/8] plugin/admin: Make allowlist adapter-scoped and enforce at runtime Frédéric Danis
2026-07-15 9:01 ` [PATCH BlueZ v2 1/8] plugins/admin: make AdminPolicy state per-adapter Frédéric Danis
2026-07-15 10:16 ` plugin/admin: Make allowlist adapter-scoped and enforce at runtime bluez.test.bot
2026-07-15 9:02 ` [PATCH BlueZ v2 2/8] client/bluetoothctl: make admin.allow controller-aware Frédéric Danis
2026-07-15 9:02 ` [PATCH BlueZ v2 3/8] doc: document admin.allow optional controller argument Frédéric Danis
2026-07-15 13:40 ` Luiz Augusto von Dentz
2026-07-15 9:02 ` [PATCH BlueZ v2 4/8] src/adapter: enforce allowlist for local services Frédéric Danis
2026-07-15 9:02 ` [PATCH BlueZ v2 5/8] plugins/admin: reapply allowlist on policy updates Frédéric Danis
2026-07-15 9:02 ` [PATCH BlueZ v2 6/8] doc: describe admin allowlist runtime enforcement Frédéric Danis
2026-07-15 9:02 ` [PATCH BlueZ v2 7/8] profiles/audio: fix UAF on external media service teardown Frédéric Danis
2026-07-15 13:42 ` Luiz Augusto von Dentz
2026-07-15 9:02 ` Frédéric Danis [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260715090206.212130-9-frederic.danis@collabora.com \
--to=frederic.danis@collabora.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.