All of lore.kernel.org
 help / color / mirror / Atom feed
From: fdanis-oss <noreply@github.com>
To: linux-bluetooth@vger.kernel.org
Subject: [bluez/bluez] 3a16a8: plugins/admin: make AdminPolicy state per-adapter
Date: Wed, 15 Jul 2026 02:31:23 -0700	[thread overview]
Message-ID: <bluez/bluez/push/refs/heads/1128023/000000-22fc7f@github.com> (raw)

  Branch: refs/heads/1128023
  Home:   https://github.com/bluez/bluez
  Commit: 3a16a8bfa0eb58b909f012dcfa44597d950b0cb5
      https://github.com/bluez/bluez/commit/3a16a8bfa0eb58b909f012dcfa44597d950b0cb5
  Author: Frédéric Danis <frederic.danis@collabora.com>
  Date:   2026-07-15 (Wed, 15 Jul 2026)

  Changed paths:
    M plugins/admin.c

  Log Message:
  -----------
  plugins/admin: make AdminPolicy state per-adapter

Fix AdminPolicy D-Bus updates being emitted on the wrong adapter path
by removing the single global policy context and moving to per-adapter
policy objects.

Changes include:
- track policy contexts in a policy queue keyed by adapter pointer
- keep per-adapter device lists inside each policy context
- emit ServiceAllowList changes using the callback's adapter context
- scope device affected updates to the current adapter only
- clean up probe/remove lifecycle so adapters are registered and torn
  down independently
- remove remaining global policy_data/devices coupling

Assisted-by: GPT:GPT-5.3-Codex


  Commit: 97cc14fb77695faa5a3306d4e62b3bb63772afcf
      https://github.com/bluez/bluez/commit/97cc14fb77695faa5a3306d4e62b3bb63772afcf
  Author: Frédéric Danis <frederic.danis@collabora.com>
  Date:   2026-07-15 (Wed, 15 Jul 2026)

  Changed paths:
    M client/admin.c
    M client/admin.h
    M client/main.c

  Log Message:
  -----------
  client/bluetoothctl: make admin.allow controller-aware

Teach admin.allow to target the selected default controller when no
controller is provided, and to accept an explicit [ctrl] argument.

Replace single cached AdminPolicy proxies with per-controller proxy
lookup keyed by controller object path, so controller selection changes
are respected.

Export controller lookup/default helpers and shared controller
completion from main.c for reuse by admin.c.

Assisted-by: GPT:GPT-5.3-Codex


  Commit: e603f521f002ecb79e4663e9e478493dfaf20c31
      https://github.com/bluez/bluez/commit/e603f521f002ecb79e4663e9e478493dfaf20c31
  Author: Frédéric Danis <frederic.danis@collabora.com>
  Date:   2026-07-15 (Wed, 15 Jul 2026)

  Changed paths:
    M doc/bluetoothctl-admin.rst
    M doc/org.bluez.AdminPolicySet.rst

  Log Message:
  -----------
  doc: document admin.allow optional controller argument

Update bluetoothctl usage to 'admin.allow [ctrl] [clear/uuid1 uuid2 ...]'
and add explicit controller examples.

Refresh AdminPolicySet examples to include the controller-qualified
admin.allow form.

Assisted-by: GPT:GPT-5.3-Codex


  Commit: 33aa9c2206a1f914d197f98ec3920deaad9e16ea
      https://github.com/bluez/bluez/commit/33aa9c2206a1f914d197f98ec3920deaad9e16ea
  Author: Frédéric Danis <frederic.danis@collabora.com>
  Date:   2026-07-15 (Wed, 15 Jul 2026)

  Changed paths:
    M src/adapter.c
    M src/adapter.h

  Log Message:
  -----------
  src/adapter: enforce allowlist for local services

Apply admin allowlist to adapter/server service startup and
registration, and reapply policy dynamically when allowlist changes.

- Gate adapter profile probe by allowlist-derived UUID policy
- Reapply active adapter profiles on allowlist updates (stop
  disallowed, start newly allowed)
- Block SDP service registration when UUID is not allowed
- Reapply existing local SDP registrations at runtime by removing
  services that become disallowed

Assisted-by: GPT:GPT-5.3-Codex


  Commit: eb73f345e6586b40f15af64fea6659e06a167344
      https://github.com/bluez/bluez/commit/eb73f345e6586b40f15af64fea6659e06a167344
  Author: Frédéric Danis <frederic.danis@collabora.com>
  Date:   2026-07-15 (Wed, 15 Jul 2026)

  Changed paths:
    M plugins/admin.c

  Log Message:
  -----------
  plugins/admin: reapply allowlist on policy updates

Invoke adapter allowlist reapply after SetServiceAllowList updates
so runtime state follows policy changes immediately.

Assisted-by: GPT:GPT-5.3-Codex


  Commit: 8be82ab04298c95cd0f2249bfbe98f70a061e4de
      https://github.com/bluez/bluez/commit/8be82ab04298c95cd0f2249bfbe98f70a061e4de
  Author: Frédéric Danis <frederic.danis@collabora.com>
  Date:   2026-07-15 (Wed, 15 Jul 2026)

  Changed paths:
    M doc/org.bluez.AdminPolicySet.rst
    M doc/org.bluez.AdminPolicyStatus.rst

  Log Message:
  -----------
  doc: describe admin allowlist runtime enforcement

Document that ServiceAllowList now also governs local adapter/server
startup and registration, and that allowlist updates are applied
immediately on initialized adapters.

Clarify ServiceAllowList status semantics for both remote profile
connection policy and local server policy.

Assisted-by: GPT:GPT-5.3-Codex


  Commit: 2e9c479f65fbbf27f72d34871223cfdafae4f5e2
      https://github.com/bluez/bluez/commit/2e9c479f65fbbf27f72d34871223cfdafae4f5e2
  Author: Frédéric Danis <frederic.danis@collabora.com>
  Date:   2026-07-15 (Wed, 15 Jul 2026)

  Changed paths:
    M profiles/audio/media.c

  Log Message:
  -----------
  profiles/audio: fix UAF on external media service teardown

Keep media_app endpoint/player queues in sync with object lifetime to
avoid stale pointers during proxy removal.

When admin allowlist reapply removes audio services, endpoint/player
objects may be destroyed through non-proxy paths first.
Later proxy_removed_cb calls queue_remove_if() and matching by path
can dereference freed endpoint/player memory.

Fix by:
- adding media_app back-references in media_endpoint/local_player
- unlinking from app queues inside media_endpoint_remove or
  local_player_remove
- setting ownership when app-registering endpoint/player objects

This prevents heap-use-after-free in match_endpoint_by_path or
match_player_by_path during service disconnect.

Assisted-by: GPT:GPT-5.3-Codex


  Commit: 22fc7f30bb5ddfb754025ef73ed4fa6a9c96de1d
      https://github.com/bluez/bluez/commit/22fc7f30bb5ddfb754025ef73ed4fa6a9c96de1d
  Author: Frédéric Danis <frederic.danis@collabora.com>
  Date:   2026-07-15 (Wed, 15 Jul 2026)

  Changed paths:
    M src/adapter.c
    M src/adapter.h
    M src/device.c

  Log Message:
  -----------
  device: apply profile-aware admin allowlist checks for device services

Use adapter profile-aware policy mapping when evaluating device service
allowance, so device-side filtering matches adapter-side allowlist
semantics.

This updates device policy checks to call
btd_adapter_is_profile_allowed() instead of directly matching
profile->remote_uuid. It fixes A2DP role-inverted cases where allowing
source UUID policy should still permit connecting to the corresponding
remote sink profile.

Changes:
- Export profile-aware allowlist helper in adapter policy API
- Reuse that helper in device service allowance evaluation and refresh
  paths

Behavioral effect:
- admin allowlist decisions remain strict, but now consistent across
  adapter profile probing and device connection filtering.

Assisted-by: GPT:GPT-5.3-Codex


Compare: https://github.com/bluez/bluez/compare/3a16a8bfa0eb%5E...22fc7f30bb5d

To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications

                 reply	other threads:[~2026-07-15  9:31 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bluez/bluez/push/refs/heads/1128023/000000-22fc7f@github.com \
    --to=noreply@github.com \
    --cc=linux-bluetooth@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.