* [PATCH BlueZ v2 1/2] shared/gatt-server: Add bt_gatt_server_set_permissions @ 2026-04-08 20:13 Luiz Augusto von Dentz 2026-04-08 20:13 ` [PATCH BlueZ v2 2/2] main.conf: Add GATT.Security option Luiz Augusto von Dentz 2026-04-08 21:09 ` [BlueZ,v2,1/2] shared/gatt-server: Add bt_gatt_server_set_permissions bluez.test.bot 0 siblings, 2 replies; 4+ messages in thread From: Luiz Augusto von Dentz @ 2026-04-08 20:13 UTC (permalink / raw) To: linux-bluetooth From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> This adds bt_gatt_server_set_permissions which can be used to enabled/disable permission checking before operations which can be useful on testing only environment where encryption/pairing is not desirable/needed. --- src/shared/gatt-server.c | 13 +++++++++++++ src/shared/gatt-server.h | 2 ++ 2 files changed, 15 insertions(+) diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c index 27ae7e79ed3d..6273899965c0 100644 --- a/src/shared/gatt-server.c +++ b/src/shared/gatt-server.c @@ -93,6 +93,7 @@ struct bt_gatt_server { struct bt_att *att; int ref_count; uint16_t mtu; + bool perms; unsigned int mtu_id; unsigned int read_by_grp_type_id; @@ -414,6 +415,9 @@ static uint8_t check_permissions(struct bt_gatt_server *server, uint32_t perm; int security; + if (!server->perms) + return 0; + perm = gatt_db_attribute_get_permissions(attr); if (perm && mask & BT_ATT_PERM_READ && !(perm & BT_ATT_PERM_READ)) @@ -1652,6 +1656,7 @@ struct bt_gatt_server *bt_gatt_server_new(struct gatt_db *db, server->db = gatt_db_ref(db); server->att = bt_att_ref(att); server->mtu = MAX(mtu, BT_ATT_DEFAULT_LE_MTU); + server->perms = true; server->max_prep_queue_len = DEFAULT_MAX_PREP_QUEUE_LEN; server->prep_queue = queue_new(); server->min_enc_size = min_enc_size; 
@@ -1680,6 +1685,14 @@ struct bt_att *bt_gatt_server_get_att(struct bt_gatt_server *server) return server->att; } +void bt_gatt_server_set_permissions(struct bt_gatt_server *server, bool value) +{ + if (!server) + return; + + server->perms = value; +} + struct bt_gatt_server *bt_gatt_server_ref(struct bt_gatt_server *server) { if (!server) diff --git a/src/shared/gatt-server.h b/src/shared/gatt-server.h index de98a0d04747..ea49f2960d71 100644 --- a/src/shared/gatt-server.h +++ b/src/shared/gatt-server.h @@ -17,6 +17,8 @@ struct bt_gatt_server *bt_gatt_server_new(struct gatt_db *db, uint8_t min_enc_size); uint16_t bt_gatt_server_get_mtu(struct bt_gatt_server *server); struct bt_att *bt_gatt_server_get_att(struct bt_gatt_server *server); +void bt_gatt_server_set_permissions(struct bt_gatt_server *server, + bool value); struct bt_gatt_server *bt_gatt_server_ref(struct bt_gatt_server *server); void bt_gatt_server_unref(struct bt_gatt_server *server); -- 2.53.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
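Review bot: In the check_permissions() hunk, the new `if (!server->perms) return 0;` sits above the `perm && mask & BT_ATT_PERM_READ && !(perm & BT_ATT_PERM_READ)` test, so clearing the flag skips the plain access-bit checks as well as the encryption and authentication requirements. The commit message only mentions avoiding encryption/pairing in test setups; consider keeping the access-bit checks and skipping only the security-level part of the function, so that a test configuration still cannot read an attribute that was never declared readable.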
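Review bot: In the hunk that adds bt_gatt_server_set_permissions(), the name and the `bool value` parameter read as if a permission mask were being set, while the body only toggles whether check_permissions() enforces anything. A name that says enforcement is being switched, with a parameter called something like `enable`, would make a call such as `bt_gatt_server_set_permissions(server, false)` harder to misread. Since the call turns off an access control, it is also worth logging when the value is false.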
* [PATCH BlueZ v2 2/2] main.conf: Add GATT.Security option 2026-04-08 20:13 [PATCH BlueZ v2 1/2] shared/gatt-server: Add bt_gatt_server_set_permissions Luiz Augusto von Dentz @ 2026-04-08 20:13 ` Luiz Augusto von Dentz 2026-04-08 21:09 ` [BlueZ,v2,1/2] shared/gatt-server: Add bt_gatt_server_set_permissions bluez.test.bot 1 sibling, 0 replies; 4+ messages in thread From: Luiz Augusto von Dentz @ 2026-04-08 20:13 UTC (permalink / raw) To: linux-bluetooth From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> This adds GATT.Security option which by default is set to auto to detect if encryption/authentication is required on demand, but if Testing is set enables the user to enter a desirable security level. In case the security level is low it then proceeds to disable checking GATT attribute permissions for server operations. --- src/btd.h | 1 + src/device.c | 16 +++++++++++++--- src/main.c | 35 +++++++++++++++++++++++++++++++++++ src/main.conf | 8 ++++++++ 4 files changed, 57 insertions(+), 3 deletions(-) diff --git a/src/btd.h b/src/btd.h index 1b521706d05e..c84a600d109a 100644 --- a/src/btd.h +++ b/src/btd.h @@ -158,6 +158,7 @@ struct btd_opts { uint8_t gatt_channels; bool gatt_client; enum bt_gatt_export_t gatt_export; + bool gatt_seclevel; enum mps_mode_t mps; struct btd_avdtp_opts avdtp; diff --git a/src/device.c b/src/device.c index cfbde307bcc9..3f86e60bd666 100644 --- a/src/device.c +++ b/src/device.c @@ -6300,7 +6300,7 @@ static void gatt_client_init(struct btd_device *device) if (btd_opts.gatt_channels > 1) features |= BT_GATT_CHRC_CLI_FEAT_EATT; - if (device->bonding) { + if (!btd_opts.gatt_seclevel && device->bonding) { DBG("Elevating security level since bonding is in progress"); bt_att_set_security(device->att, BT_ATT_SECURITY_MEDIUM); } 
@@ -6371,6 +6371,9 @@ static void gatt_server_init(struct btd_device *device, if (device->ltk) bt_att_set_enc_key_size(device->att, device->ltk->enc_size); + if (btd_opts.gatt_seclevel == BT_ATT_SECURITY_LOW) + bt_gatt_server_set_permissions(device->server, false); + bt_gatt_server_set_debug(device->server, gatt_debug, NULL, NULL); btd_gatt_database_server_connected(database, device->server); @@ -6442,7 +6445,8 @@ bool device_attach_att(struct btd_device *dev, GIOChannel *io) return false; } - if (sec_level == BT_IO_SEC_LOW && dev->le_state.paired) { + if (!btd_opts.gatt_seclevel && sec_level == BT_IO_SEC_LOW && + dev->le_state.paired) { DBG("Elevating security level since LTK is available"); sec_level = BT_IO_SEC_MEDIUM; @@ -6482,6 +6486,10 @@ bool device_attach_att(struct btd_device *dev, GIOChannel *io) bt_att_set_remote_key(dev->att, dev->remote_csrk->key, remote_counter, dev); + /* Force security level if it has been set */ + if (btd_opts.gatt_seclevel) + bt_att_set_security(dev->att, btd_opts.gatt_seclevel); + database = btd_adapter_get_database(dev->adapter); dst = device_get_address(dev); @@ -6597,7 +6605,9 @@ int device_connect_le(struct btd_device *dev) /* Set as initiator */ dev->le_state.initiator = true; - if (dev->le_state.paired) + if (btd_opts.gatt_seclevel) + sec_level = btd_opts.gatt_seclevel; + else if (dev->le_state.paired) sec_level = BT_IO_SEC_MEDIUM; else sec_level = BT_IO_SEC_LOW; diff --git a/src/main.c b/src/main.c index 59df0ad4ca3a..818f7c06ef66 100644 --- a/src/main.c +++ b/src/main.c @@ -152,6 +152,7 @@ static const char *gatt_options[] = { "Channels", "Client", "ExportClaimedServices", + "Security", NULL }; 
@@ -1112,6 +1113,38 @@ static void parse_gatt_export(GKeyFile *config) g_free(str); } +static uint8_t parse_gatt_seclevel_str(const char *str) +{ + if (!strcmp(str, "auto")) + return BT_ATT_SECURITY_AUTO; + else if (!strcmp(str, "low") || !strcmp(str, "1")) + return BT_ATT_SECURITY_LOW; + else if (!strcmp(str, "medium") || !strcmp(str, "2")) + return BT_ATT_SECURITY_MEDIUM; + else if (!strcmp(str, "high") || !strcmp(str, "3")) + return BT_ATT_SECURITY_HIGH; + else if (!strcmp(str, "fips") || !strcmp(str, "4")) + return BT_ATT_SECURITY_FIPS; + + DBG("Invalid value for Security=%s", str); + return BT_ATT_SECURITY_AUTO; +} + +static void parse_gatt_seclevel(GKeyFile *config) +{ + char *str = NULL; + + if (!btd_opts.testing) + return; + + parse_config_string(config, "GATT", "Security", &str); + if (!str) + return; + + btd_opts.gatt_seclevel = parse_gatt_seclevel_str(str); + g_free(str); +} + static void parse_gatt(GKeyFile *config) { parse_gatt_cache(config); @@ -1122,6 +1155,7 @@ static void parse_gatt(GKeyFile *config) 1, 6); parse_config_bool(config, "GATT", "Client", &btd_opts.gatt_client); parse_gatt_export(config); + parse_gatt_seclevel(config); } static void parse_csis_sirk(GKeyFile *config) @@ -1269,6 +1303,7 @@ static void init_defaults(void) btd_opts.gatt_channels = 1; btd_opts.gatt_client = true; btd_opts.gatt_export = BT_GATT_EXPORT_READ_ONLY; + btd_opts.gatt_seclevel = BT_ATT_SECURITY_AUTO; btd_opts.avdtp.session_mode = BT_IO_MODE_BASIC; btd_opts.avdtp.stream_mode = BT_IO_MODE_BASIC; diff --git a/src/main.conf b/src/main.conf index fd1ace651da7..52eb3854addc 100644 --- a/src/main.conf +++ b/src/main.conf 
@@ -291,6 +291,14 @@ KernelExperimental = 6fbaf188-05e0-496a-9885-d6ddfdb4e03e # Default: read-only #ExportClaimedServices = read-only +# Security level: +# Sets security level of ATT channel, setting security anything other than +# auto requires Testing to be set, setting to low disables GATT server +# attribite permissions. +# Possible values: auto, [low=1, medium=2, high=3, fips=4 (Testing = true)] +# Default = auto +# Security = auto + [CSIS] # SIRK - Set Identification Resolution Key which is common for all the # sets. They SIRK key is used to identify its sets. This can be any -- 2.53.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
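Review bot: In the btd.h hunk, `gatt_seclevel` is declared `bool`, but main.c stores the `uint8_t` result of parse_gatt_seclevel_str() in it and device.c compares it with BT_ATT_SECURITY_LOW and passes it to bt_att_set_security(). A bool collapses every non-zero level to 1, so if the BT_ATT_SECURITY_* constants follow the low=1, medium=2, high=3, fips=4 numbering given in the main.conf comment, `Security = high` would be stored as 1, match the `== BT_ATT_SECURITY_LOW` test in gatt_server_init() and switch attribute permission checks off. Declare the field as `uint8_t`.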
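Review bot: In the gatt_server_init() hunk, permission checking is switched off for every device that connects, with no log output at that point. The neighbouring hunks already use DBG when they change the security level; a warning here would make a leftover test setting visible in the daemon log instead of leaving the server silently without access control.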
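Review bot: In the device_connect_le() hunk, `sec_level = btd_opts.gatt_seclevel;` assigns a BT_ATT_SECURITY_* value to a variable whose other two branches assign BT_IO_SEC_MEDIUM and BT_IO_SEC_LOW. Nothing in the hunk shows that the two sets of constants are interchangeable, and the option accepts fips while only BT_IO_SEC_LOW and BT_IO_SEC_MEDIUM appear here. An explicit conversion helper would document what each configured level maps to on the BtIO side.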
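Review bot: In parse_gatt_seclevel(), a configured Security value is dropped without any message when `btd_opts.testing` is false, and in parse_gatt_seclevel_str() an unrecognised string is reported only through DBG before falling back to BT_ATT_SECURITY_AUTO. Someone who sets `Security = high` expecting stricter behaviour gets no indication that the setting was ignored; log at warning or error level in both cases.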
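Review bot: In the main.conf hunk, "attribite" should be "attribute", and the new entry does not follow the layout of the one above it: that entry uses `# Default: read-only` and `#ExportClaimedServices = read-only`, while this one has `# Default = auto` and `# Security = auto`. The bracketed list of possible values is also hard to parse; listing the values first and stating the Testing requirement in its own sentence would read more clearly.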
* RE: [BlueZ,v2,1/2] shared/gatt-server: Add bt_gatt_server_set_permissions
From: bluez.test.bot @ 2026-04-08 21:09 UTC
To: linux-bluetooth, luiz.dentz

This is an automated email. Please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1078903

---Test result---

Test Summary:
CheckPatch                    PENDING   0.37 seconds
GitLint                       PENDING   0.36 seconds
BuildEll                      PASS      19.88 seconds
BluezMake                     PASS      620.11 seconds
MakeCheck                     PASS      18.19 seconds
MakeDistcheck                 PASS      239.32 seconds
CheckValgrind                 PASS      286.41 seconds
CheckSmatch                   WARNING   341.71 seconds
bluezmakeextell               PASS      177.17 seconds
IncrementalBuild              PENDING   0.34 seconds
ScanBuild                     PASS      990.84 seconds

Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:

##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:

##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
src/shared/gatt-server.c:279:25: warning: Variable length array is used.
src/shared/gatt-server.c:622:25: warning: Variable length array is used.
src/shared/gatt-server.c:720:25: warning: Variable length array is used.
src/shared/gatt-server.c:279:25: warning: Variable length array is used.
src/shared/gatt-server.c:622:25: warning: Variable length array is used.
src/shared/gatt-server.c:720:25: warning: Variable length array is used.
src/shared/gatt-server.c:279:25: warning: Variable length array is used.
src/shared/gatt-server.c:622:25: warning: Variable length array is used.
src/shared/gatt-server.c:720:25: warning: Variable length array is used.
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:

https://github.com/bluez/bluez/pull/2025/checks

---
Regards,
Linux Bluetooth
* [PATCH BlueZ v2 1/2] shared/gatt-server: Add bt_gatt_server_set_permissions @ 2026-04-08 20:14 Luiz Augusto von Dentz 2026-04-08 21:10 ` [BlueZ,v2,1/2] " bluez.test.bot 0 siblings, 1 reply; 4+ messages in thread From: Luiz Augusto von Dentz @ 2026-04-08 20:14 UTC (permalink / raw) To: linux-bluetooth From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> This adds bt_gatt_server_set_permissions which can be used to enabled/disable permission checking before operations which can be useful on testing only environment where encryption/pairing is not desirable/needed. --- src/shared/gatt-server.c | 13 +++++++++++++ src/shared/gatt-server.h | 2 ++ 2 files changed, 15 insertions(+) diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c index 27ae7e79ed3d..6273899965c0 100644 --- a/src/shared/gatt-server.c +++ b/src/shared/gatt-server.c @@ -93,6 +93,7 @@ struct bt_gatt_server { struct bt_att *att; int ref_count; uint16_t mtu; + bool perms; unsigned int mtu_id; unsigned int read_by_grp_type_id; @@ -414,6 +415,9 @@ static uint8_t check_permissions(struct bt_gatt_server *server, uint32_t perm; int security; + if (!server->perms) + return 0; + perm = gatt_db_attribute_get_permissions(attr); if (perm && mask & BT_ATT_PERM_READ && !(perm & BT_ATT_PERM_READ)) @@ -1652,6 +1656,7 @@ struct bt_gatt_server *bt_gatt_server_new(struct gatt_db *db, server->db = gatt_db_ref(db); server->att = bt_att_ref(att); server->mtu = MAX(mtu, BT_ATT_DEFAULT_LE_MTU); + server->perms = true; server->max_prep_queue_len = DEFAULT_MAX_PREP_QUEUE_LEN; server->prep_queue = queue_new(); server->min_enc_size = min_enc_size; @@ -1680,6 +1685,14 @@ struct bt_att *bt_gatt_server_get_att(struct bt_gatt_server *server) return server->att; } +void bt_gatt_server_set_permissions(struct bt_gatt_server *server, bool value) +{ + if (!server) + return; + + server->perms = value; +} + struct bt_gatt_server *bt_gatt_server_ref(struct bt_gatt_server *server) { if (!server) 
diff --git a/src/shared/gatt-server.h b/src/shared/gatt-server.h index de98a0d04747..ea49f2960d71 100644 --- a/src/shared/gatt-server.h +++ b/src/shared/gatt-server.h @@ -17,6 +17,8 @@ struct bt_gatt_server *bt_gatt_server_new(struct gatt_db *db, uint8_t min_enc_size); uint16_t bt_gatt_server_get_mtu(struct bt_gatt_server *server); struct bt_att *bt_gatt_server_get_att(struct bt_gatt_server *server); +void bt_gatt_server_set_permissions(struct bt_gatt_server *server, + bool value); struct bt_gatt_server *bt_gatt_server_ref(struct bt_gatt_server *server); void bt_gatt_server_unref(struct bt_gatt_server *server); -- 2.53.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
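Review bot: In the gatt-server.h hunk, the new prototype carries no comment, and nothing in the header tells a caller that passing false makes check_permissions() return 0 for every attribute. As this is a shared API whose stated purpose is testing-only setups, add a short comment next to the declaration saying so.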
* RE: [BlueZ,v2,1/2] shared/gatt-server: Add bt_gatt_server_set_permissions
From: bluez.test.bot @ 2026-04-08 21:10 UTC
To: linux-bluetooth, luiz.dentz

This is an automated email. Please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1078904

---Test result---

Test Summary:
CheckPatch                    PENDING   0.33 seconds
GitLint                       PENDING   0.43 seconds
BuildEll                      PASS      19.80 seconds
BluezMake                     PASS      649.70 seconds
MakeCheck                     PASS      18.91 seconds
MakeDistcheck                 PASS      241.03 seconds
CheckValgrind                 PASS      288.56 seconds
CheckSmatch                   WARNING   344.91 seconds
bluezmakeextell               PASS      180.07 seconds
IncrementalBuild              PENDING   0.29 seconds
ScanBuild                     PASS      1002.94 seconds

Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:

##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:

##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
src/shared/gatt-server.c:279:25: warning: Variable length array is used.
src/shared/gatt-server.c:622:25: warning: Variable length array is used.
src/shared/gatt-server.c:720:25: warning: Variable length array is used.
src/shared/gatt-server.c:279:25: warning: Variable length array is used.
src/shared/gatt-server.c:622:25: warning: Variable length array is used.
src/shared/gatt-server.c:720:25: warning: Variable length array is used.
src/shared/gatt-server.c:279:25: warning: Variable length array is used.
src/shared/gatt-server.c:622:25: warning: Variable length array is used.
src/shared/gatt-server.c:720:25: warning: Variable length array is used.
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:

https://github.com/bluez/bluez/pull/2026/checks

---
Regards,
Linux Bluetooth