From: fdanis-oss <noreply@github.com>
To: linux-bluetooth@vger.kernel.org
Subject: [bluez/bluez] 3a16a8: plugins/admin: make AdminPolicy state per-adapter
Date: Wed, 15 Jul 2026 02:31:23 -0700 [thread overview]
Message-ID: <bluez/bluez/push/refs/heads/1128023/000000-22fc7f@github.com> (raw)
Branch: refs/heads/1128023
Home: https://github.com/bluez/bluez
Commit: 3a16a8bfa0eb58b909f012dcfa44597d950b0cb5
https://github.com/bluez/bluez/commit/3a16a8bfa0eb58b909f012dcfa44597d950b0cb5
Author: Frédéric Danis <frederic.danis@collabora.com>
Date: 2026-07-15 (Wed, 15 Jul 2026)
Changed paths:
M plugins/admin.c
Log Message:
-----------
plugins/admin: make AdminPolicy state per-adapter
Fix AdminPolicy D-Bus updates being emitted on the wrong adapter path
by removing the single global policy context and moving to per-adapter
policy objects.
Changes include:
- track policy contexts in a policy queue keyed by adapter pointer
- keep per-adapter device lists inside each policy context
- emit ServiceAllowList changes using the callback's adapter context
- scope device affected updates to the current adapter only
- clean up probe/remove lifecycle so adapters are registered and torn
down independently
- remove remaining global policy_data/devices coupling
Assisted-by: GPT:GPT-5.3-Codex
Commit: 97cc14fb77695faa5a3306d4e62b3bb63772afcf
https://github.com/bluez/bluez/commit/97cc14fb77695faa5a3306d4e62b3bb63772afcf
Author: Frédéric Danis <frederic.danis@collabora.com>
Date: 2026-07-15 (Wed, 15 Jul 2026)
Changed paths:
M client/admin.c
M client/admin.h
M client/main.c
Log Message:
-----------
client/bluetoothctl: make admin.allow controller-aware
Teach admin.allow to target the selected default controller when no
controller is provided, and to accept an explicit [ctrl] argument.
Replace single cached AdminPolicy proxies with per-controller proxy
lookup keyed by controller object path, so controller selection changes
are respected.
Export controller lookup/default helpers and shared controller
completion from main.c for reuse by admin.c.
Assisted-by: GPT:GPT-5.3-Codex
Commit: e603f521f002ecb79e4663e9e478493dfaf20c31
https://github.com/bluez/bluez/commit/e603f521f002ecb79e4663e9e478493dfaf20c31
Author: Frédéric Danis <frederic.danis@collabora.com>
Date: 2026-07-15 (Wed, 15 Jul 2026)
Changed paths:
M doc/bluetoothctl-admin.rst
M doc/org.bluez.AdminPolicySet.rst
Log Message:
-----------
doc: document admin.allow optional controller argument
Update bluetoothctl usage to 'admin.allow [ctrl] [clear/uuid1 uuid2 ...]'
and add explicit controller examples.
Refresh AdminPolicySet examples to include the controller-qualified
admin.allow form.
Assisted-by: GPT:GPT-5.3-Codex
Commit: 33aa9c2206a1f914d197f98ec3920deaad9e16ea
https://github.com/bluez/bluez/commit/33aa9c2206a1f914d197f98ec3920deaad9e16ea
Author: Frédéric Danis <frederic.danis@collabora.com>
Date: 2026-07-15 (Wed, 15 Jul 2026)
Changed paths:
M src/adapter.c
M src/adapter.h
Log Message:
-----------
src/adapter: enforce allowlist for local services
Apply admin allowlist to adapter/server service startup and
registration, and reapply policy dynamically when allowlist changes.
- Gate adapter profile probe by allowlist-derived UUID policy
- Reapply active adapter profiles on allowlist updates (stop
disallowed, start newly allowed)
- Block SDP service registration when UUID is not allowed
- Reapply existing local SDP registrations at runtime by removing
services that become disallowed
Assisted-by: GPT:GPT-5.3-Codex
Commit: eb73f345e6586b40f15af64fea6659e06a167344
https://github.com/bluez/bluez/commit/eb73f345e6586b40f15af64fea6659e06a167344
Author: Frédéric Danis <frederic.danis@collabora.com>
Date: 2026-07-15 (Wed, 15 Jul 2026)
Changed paths:
M plugins/admin.c
Log Message:
-----------
plugins/admin: reapply allowlist on policy updates
Invoke adapter allowlist reapply after SetServiceAllowList updates
so runtime state follows policy changes immediately.
Assisted-by: GPT:GPT-5.3-Codex
Commit: 8be82ab04298c95cd0f2249bfbe98f70a061e4de
https://github.com/bluez/bluez/commit/8be82ab04298c95cd0f2249bfbe98f70a061e4de
Author: Frédéric Danis <frederic.danis@collabora.com>
Date: 2026-07-15 (Wed, 15 Jul 2026)
Changed paths:
M doc/org.bluez.AdminPolicySet.rst
M doc/org.bluez.AdminPolicyStatus.rst
Log Message:
-----------
doc: describe admin allowlist runtime enforcement
Document that ServiceAllowList now also governs local adapter/server
startup and registration, and that allowlist updates are applied
immediately on initialized adapters.
Clarify ServiceAllowList status semantics for both remote profile
connection policy and local server policy.
Assisted-by: GPT:GPT-5.3-Codex
Commit: 2e9c479f65fbbf27f72d34871223cfdafae4f5e2
https://github.com/bluez/bluez/commit/2e9c479f65fbbf27f72d34871223cfdafae4f5e2
Author: Frédéric Danis <frederic.danis@collabora.com>
Date: 2026-07-15 (Wed, 15 Jul 2026)
Changed paths:
M profiles/audio/media.c
Log Message:
-----------
profiles/audio: fix UAF on external media service teardown
Keep media_app endpoint/player queues in sync with object lifetime to
avoid stale pointers during proxy removal.
When admin allowlist reapply removes audio services, endpoint/player
objects may be destroyed through non-proxy paths first.
Later proxy_removed_cb calls queue_remove_if() and matching by path
can dereference freed endpoint/player memory.
Fix by:
- adding media_app back-references in media_endpoint/local_player
- unlinking from app queues inside media_endpoint_remove or
local_player_remove
- setting ownership when app-registering endpoint/player objects
This prevents heap-use-after-free in match_endpoint_by_path or
match_player_by_path during service disconnect.
Assisted-by: GPT:GPT-5.3-Codex
Commit: 22fc7f30bb5ddfb754025ef73ed4fa6a9c96de1d
https://github.com/bluez/bluez/commit/22fc7f30bb5ddfb754025ef73ed4fa6a9c96de1d
Author: Frédéric Danis <frederic.danis@collabora.com>
Date: 2026-07-15 (Wed, 15 Jul 2026)
Changed paths:
M src/adapter.c
M src/adapter.h
M src/device.c
Log Message:
-----------
device: apply profile-aware admin allowlist checks for device services
Use adapter profile-aware policy mapping when evaluating device service
allowance, so device-side filtering matches adapter-side allowlist
semantics.
This updates device policy checks to call
btd_adapter_is_profile_allowed() instead of directly matching
profile->remote_uuid. It fixes A2DP role-inverted cases where allowing
source UUID policy should still permit connecting to the corresponding
remote sink profile.
Changes:
- Export profile-aware allowlist helper in adapter policy API
- Reuse that helper in device service allowance evaluation and refresh
paths
Behavioral effect:
- admin allowlist decisions remain strict, but now consistent across
adapter profile probing and device connection filtering.
Assisted-by: GPT:GPT-5.3-Codex
Compare: https://github.com/bluez/bluez/compare/3a16a8bfa0eb%5E...22fc7f30bb5d
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
reply other threads:[~2026-07-15 9:31 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bluez/bluez/push/refs/heads/1128023/000000-22fc7f@github.com \
--to=noreply@github.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox