From: Tyszkowski Jakub <jakub.tyszkowski@tieto.com>
To: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Cc: "linux-bluetooth@vger.kernel.org" <linux-bluetooth@vger.kernel.org>
Subject: Re: [PATCH 2/2] android/hid: Force encryption for keyboards
Date: Fri, 22 Aug 2014 10:25:49 +0200	[thread overview]
Message-ID: <53F6FE8D.3000300@tieto.com> (raw)
In-Reply-To: <CABBYNZKw-ropQpjGuq0Ko7rTmXJBuTzHOi9Fu0R20EH3GJ58Ng@mail.gmail.com>

Hi Luiz,

On 08/21/2014 01:58 PM, Luiz Augusto von Dentz wrote:
> Hi Jakub,
>
> On Thu, Aug 21, 2014 at 1:04 PM, Jakub Tyszkowski
> <jakub.tyszkowski@tieto.com> wrote:
>> Encryption is mandatory for keyboards.
>> ---
>>   android/hidhost.c | 27 ++++++++++++++++++++++++---
>>   1 file changed, 24 insertions(+), 3 deletions(-)
>>
>> diff --git a/android/hidhost.c b/android/hidhost.c
>> index 07985d8..d57b24b 100644
>> --- a/android/hidhost.c
>> +++ b/android/hidhost.c
>> @@ -579,6 +579,7 @@ static void control_connect_cb(GIOChannel *chan, GError *conn_err,
>>   {
>>          struct hid_device *dev = user_data;
>>          GError *err = NULL;
>> +       int sec_level;
>>
>>          DBG("");
>>
>> @@ -589,12 +590,15 @@ static void control_connect_cb(GIOChannel *chan, GError *conn_err,
>>                  goto failed;
>>          }
>>
>> +       /* Encryption is mandatory for keyboards */
>> +       sec_level = (dev->subclass & 0x40) ? BT_IO_SEC_MEDIUM : BT_IO_SEC_LOW;
>> +
>>          /* Connect to the HID interrupt channel */
>>          dev->intr_io = bt_io_connect(interrupt_connect_cb, dev, NULL, &err,
>>                                          BT_IO_OPT_SOURCE_BDADDR, &adapter_addr,
>>                                          BT_IO_OPT_DEST_BDADDR, &dev->dst,
>>                                          BT_IO_OPT_PSM, L2CAP_PSM_HIDP_INTR,
>> -                                       BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
>> +                                       BT_IO_OPT_SEC_LEVEL, sec_level,
>>                                          BT_IO_OPT_INVALID);
>>          if (!dev->intr_io) {
>>                  error("hidhost: Failed to connect interrupt channel (%s)",
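Review bot: The keyboard test `dev->subclass & 0x40` is a bare mask here and is repeated in two later hunks of hid_sdp_search_cb, so the single policy that decides whether a link is encrypted is spelled out in three places. A named constant or a small static helper (for instance one called `hid_is_keyboard`) would keep the three checks from drifting apart. The comment should also say which bit of the HID subclass byte 0x40 is, and that the mask matches combined keyboard/pointing devices as well. control_connect_cb begins and ends outside this hunk.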
>> @@ -618,6 +622,7 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>>          struct hid_device *dev = data;
>>          sdp_list_t *list;
>>          GError *gerr = NULL;
>> +       int sec_level = BT_IO_SEC_LOW;
>>
>>          DBG("");
>>
>> @@ -640,9 +645,14 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>>                          dev->country = data->val.uint8;
>>
>>                  data = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS);
>> -               if (data)
>> +               if (data) {
>>                          dev->subclass = data->val.uint8;
>>
>> +                       /* Encryption is mandatory for keyboards */
>> +                       if (dev->subclass & 0x40)
>> +                               sec_level =  BT_IO_SEC_MEDIUM;
>> +               }
>
> I prefer to store this info in the device struct, e.g. dev->sec_level

Seems reasonable. I'll be sending v2.

>
>>                  data = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE);
>>                  if (data)
>>                          dev->boot_dev = data->val.uint8;
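Review bot: The security level is derived from SDP_ATTR_HID_DEVICE_SUBCLASS, a value the remote device reports about itself, and `sec_level` stays at BT_IO_SEC_LOW whenever that attribute is missing or the 0x40 bit is clear. Encryption is therefore only enforced for peers whose SDP record declares them to be keyboards, so an input device with an absent or different subclass still gets an unencrypted control channel. If the intent is that keystrokes never travel in the clear, consider making BT_IO_SEC_MEDIUM the default and relaxing it only for devices known not to support it. Failing that, add a comment above the check, such as `/* NOTE: relies on the peer's self-declared SDP subclass */`. hid_sdp_search_cb continues outside this hunk.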
>> @@ -673,6 +683,17 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>>          }
>>
>>          if (dev->ctrl_io) {
>> +               /* Encryption is mandatory for keyboards */
>> +               if ((dev->subclass & 0x40) && !bt_io_set(dev->ctrl_io, &gerr,
>> +                                       BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
>> +                                       BT_IO_OPT_INVALID)) {
>> +                       error("hidhost: Cannot rise security level: %s",
>> +                                                               gerr->message);
>> +                       g_error_free(gerr);
>> +
>> +                       goto fail;
>> +               }
>> +
>>                  if (uhid_create(dev) < 0)
>>                          goto fail;
>>                  return;
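Review bot: On this already-connected path only `dev->ctrl_io` has its security level raised. If the interrupt channel can also exist by the time the SDP search completes, it keeps the level it was accepted with, and that channel carries the input reports. It is also not visible here whether a successful bt_io_set() means encryption is already in place or has only been requested when uhid_create() runs, so a comment stating which would help. Minor: `gerr` is freed but not reset before `goto fail`, so adding `gerr = NULL;` after g_error_free() is safer if the fail path (outside the hunk) inspects it. The log text should read `"hidhost: Cannot raise security level: %s"`.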
>> @@ -682,7 +703,7 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
>>                                          BT_IO_OPT_SOURCE_BDADDR, &adapter_addr,
>>                                          BT_IO_OPT_DEST_BDADDR, &dev->dst,
>>                                          BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL,
>> -                                       BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
>> +                                       BT_IO_OPT_SEC_LEVEL, sec_level,
>>                                          BT_IO_OPT_INVALID);
>>          if (gerr) {
>>                  error("hidhost: Failed to connect control channel (%s)",
>> --
>> 1.9.1
>>

Regards,
Jakub


2014-08-21 10:04 [PATCH 1/2] android/hid: Reject connections from unknown devices Jakub Tyszkowski
2014-08-21 10:04 ` [PATCH 2/2] android/hid: Force encryption for keyboards Jakub Tyszkowski
2014-08-21 11:58   ` Luiz Augusto von Dentz
2014-08-22  8:25     ` Tyszkowski Jakub [this message]
