search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bluetooth: Lock down creation of AF_BLUETOOTH sockets.
[linux-2.6/android.git] / net / bluetooth / af_bluetooth.c
blobdc58d94bfc7d082b50f3e915aed1192bbb2a77ae
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth address family and sockets. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/list.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/skbuff.h>
36 #include <linux/init.h>
37 #include <linux/poll.h>
38 #include <net/sock.h>
39
40 #if defined(CONFIG_KMOD)
41 #include <linux/kmod.h>
42 #endif
43
44 #include <net/bluetooth/bluetooth.h>
45
46 #ifdef CONFIG_ANDROID_PARANOID_BLUETOOTH
47 #include <linux/android_aid.h>
48 #endif
49
50 #ifndef CONFIG_BT_SOCK_DEBUG
51 #undef BT_DBG
52 #define BT_DBG(D...)
53 #endif
54
55 #define VERSION "2.11"
56
57 /* Bluetooth sockets */
58 #define BT_MAX_PROTO 8
59 static struct net_proto_family *bt_proto[BT_MAX_PROTO];
60 static DEFINE_RWLOCK(bt_proto_lock);
61
62 int bt_sock_register(int proto, struct net_proto_family *ops)
63 {
64 int err = 0;
65
66 if (proto < 0 || proto >= BT_MAX_PROTO)
67 return -EINVAL;
68
69 write_lock(&bt_proto_lock);
70
71 if (bt_proto[proto])
72 err = -EEXIST;
73 else
74 bt_proto[proto] = ops;
75
76 write_unlock(&bt_proto_lock);
77
78 return err;
79 }
80 EXPORT_SYMBOL(bt_sock_register);
81
82 int bt_sock_unregister(int proto)
83 {
84 int err = 0;
85
86 if (proto < 0 || proto >= BT_MAX_PROTO)
87 return -EINVAL;
88
89 write_lock(&bt_proto_lock);
90
91 if (!bt_proto[proto])
92 err = -ENOENT;
93 else
94 bt_proto[proto] = NULL;
95
96 write_unlock(&bt_proto_lock);
97
98 return err;
99 }
100 EXPORT_SYMBOL(bt_sock_unregister);
101
102 #ifdef CONFIG_ANDROID_PARANOID_BLUETOOTH
103 static int is_bt_admin(void) {
104 return !current->uid || current->gid == AID_NET_BT_ADMIN ||
105 groups_search(current->group_info, AID_NET_BT_ADMIN);
106 }
107
108 static int is_bt_user_or_admin(void) {
109 return is_bt_admin() || current->gid == AID_NET_BT ||
110 groups_search(current->group_info, AID_NET_BT);
111 }
112 #endif
113
114 static int bt_sock_create(struct net *net, struct socket *sock, int proto)
115 {
116 int err;
117
118 #ifdef CONFIG_ANDROID_PARANOID_BLUETOOTH
119 if (proto == BTPROTO_RFCOMM || proto == BTPROTO_SCO ||
120 proto == BTPROTO_L2CAP) {
121 if (!is_bt_user_or_admin())
122 return -EPERM;
123 } else if (!is_bt_admin()) {
124 return -EPERM;
125 }
126 #endif
127
128 if (net != &init_net)
129 return -EAFNOSUPPORT;
130
131 if (proto < 0 || proto >= BT_MAX_PROTO)
132 return -EINVAL;
133
134 #if defined(CONFIG_KMOD)
135 if (!bt_proto[proto]) {
136 request_module("bt-proto-%d", proto);
137 }
138 #endif
139
140 err = -EPROTONOSUPPORT;
141
142 read_lock(&bt_proto_lock);
143
144 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
145 err = bt_proto[proto]->create(net, sock, proto);
146 module_put(bt_proto[proto]->owner);
147 }
148
149 read_unlock(&bt_proto_lock);
150
151 return err;
152 }
153
154 void bt_sock_link(struct bt_sock_list *l, struct sock *sk)
155 {
156 write_lock_bh(&l->lock);
157 sk_add_node(sk, &l->head);
158 write_unlock_bh(&l->lock);
159 }
160 EXPORT_SYMBOL(bt_sock_link);
161
162 void bt_sock_unlink(struct bt_sock_list *l, struct sock *sk)
163 {
164 write_lock_bh(&l->lock);
165 sk_del_node_init(sk);
166 write_unlock_bh(&l->lock);
167 }
168 EXPORT_SYMBOL(bt_sock_unlink);
169
170 void bt_accept_enqueue(struct sock *parent, struct sock *sk)
171 {
172 BT_DBG("parent %p, sk %p", parent, sk);
173
174 sock_hold(sk);
175 list_add_tail(&bt_sk(sk)->accept_q, &bt_sk(parent)->accept_q);
176 bt_sk(sk)->parent = parent;
177 parent->sk_ack_backlog++;
178 }
179 EXPORT_SYMBOL(bt_accept_enqueue);
180
181 void bt_accept_unlink(struct sock *sk)
182 {
183 BT_DBG("sk %p state %d", sk, sk->sk_state);
184
185 list_del_init(&bt_sk(sk)->accept_q);
186 bt_sk(sk)->parent->sk_ack_backlog--;
187 bt_sk(sk)->parent = NULL;
188 sock_put(sk);
189 }
190 EXPORT_SYMBOL(bt_accept_unlink);
191
192 struct sock *bt_accept_dequeue(struct sock *parent, struct socket *newsock)
193 {
194 struct list_head *p, *n;
195 struct sock *sk;
196
197 BT_DBG("parent %p", parent);
198
199 list_for_each_safe(p, n, &bt_sk(parent)->accept_q) {
200 sk = (struct sock *) list_entry(p, struct bt_sock, accept_q);
201
202 lock_sock(sk);
203
204 /* FIXME: Is this check still needed */
205 if (sk->sk_state == BT_CLOSED) {
206 release_sock(sk);
207 bt_accept_unlink(sk);
208 continue;
209 }
210
211 if (sk->sk_state == BT_CONNECTED || !newsock) {
212 bt_accept_unlink(sk);
213 if (newsock)
214 sock_graft(sk, newsock);
215 release_sock(sk);
216 return sk;
217 }
218
219 release_sock(sk);
220 }
221 return NULL;
222 }
223 EXPORT_SYMBOL(bt_accept_dequeue);
224
225 int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
226 struct msghdr *msg, size_t len, int flags)
227 {
228 int noblock = flags & MSG_DONTWAIT;
229 struct sock *sk = sock->sk;
230 struct sk_buff *skb;
231 size_t copied;
232 int err;
233
234 BT_DBG("sock %p sk %p len %d", sock, sk, len);
235
236 if (flags & (MSG_OOB))
237 return -EOPNOTSUPP;
238
239 if (!(skb = skb_recv_datagram(sk, flags, noblock, &err))) {
240 if (sk->sk_shutdown & RCV_SHUTDOWN)
241 return 0;
242 return err;
243 }
244
245 msg->msg_namelen = 0;
246
247 copied = skb->len;
248 if (len < copied) {
249 msg->msg_flags |= MSG_TRUNC;
250 copied = len;
251 }
252
253 skb_reset_transport_header(skb);
254 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
255
256 skb_free_datagram(sk, skb);
257
258 return err ? : copied;
259 }
260 EXPORT_SYMBOL(bt_sock_recvmsg);
261
262 static inline unsigned int bt_accept_poll(struct sock *parent)
263 {
264 struct list_head *p, *n;
265 struct sock *sk;
266
267 list_for_each_safe(p, n, &bt_sk(parent)->accept_q) {
268 sk = (struct sock *) list_entry(p, struct bt_sock, accept_q);
269 if (sk->sk_state == BT_CONNECTED)
270 return POLLIN | POLLRDNORM;
271 }
272
273 return 0;
274 }
275
276 unsigned int bt_sock_poll(struct file * file, struct socket *sock, poll_table *wait)
277 {
278 struct sock *sk = sock->sk;
279 unsigned int mask = 0;
280
281 BT_DBG("sock %p, sk %p", sock, sk);
282
283 poll_wait(file, sk->sk_sleep, wait);
284
285 if (sk->sk_state == BT_LISTEN)
286 return bt_accept_poll(sk);
287
288 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
289 mask |= POLLERR;
290
291 if (sk->sk_shutdown & RCV_SHUTDOWN)
292 mask |= POLLRDHUP;
293
294 if (sk->sk_shutdown == SHUTDOWN_MASK)
295 mask |= POLLHUP;
296
297 if (!skb_queue_empty(&sk->sk_receive_queue) ||
298 (sk->sk_shutdown & RCV_SHUTDOWN))
299 mask |= POLLIN | POLLRDNORM;
300
301 if (sk->sk_state == BT_CLOSED)
302 mask |= POLLHUP;
303
304 if (sk->sk_state == BT_CONNECT ||
305 sk->sk_state == BT_CONNECT2 ||
306 sk->sk_state == BT_CONFIG)
307 return mask;
308
309 if (sock_writeable(sk))
310 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
311 else
312 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
313
314 return mask;
315 }
316 EXPORT_SYMBOL(bt_sock_poll);
317
318 int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo)
319 {
320 DECLARE_WAITQUEUE(wait, current);
321 int err = 0;
322
323 BT_DBG("sk %p", sk);
324
325 add_wait_queue(sk->sk_sleep, &wait);
326 while (sk->sk_state != state) {
327 set_current_state(TASK_INTERRUPTIBLE);
328
329 if (!timeo) {
330 err = -EINPROGRESS;
331 break;
332 }
333
334 if (signal_pending(current)) {
335 err = sock_intr_errno(timeo);
336 break;
337 }
338
339 release_sock(sk);
340 timeo = schedule_timeout(timeo);
341 lock_sock(sk);
342
343 err = sock_error(sk);
344 if (err)
345 break;
346 }
347 set_current_state(TASK_RUNNING);
348 remove_wait_queue(sk->sk_sleep, &wait);
349 return err;
350 }
351 EXPORT_SYMBOL(bt_sock_wait_state);
352
353 static struct net_proto_family bt_sock_family_ops = {
354 .owner = THIS_MODULE,
355 .family = PF_BLUETOOTH,
356 .create = bt_sock_create,
357 };
358
359 static int __init bt_init(void)
360 {
361 int err;
362
363 BT_INFO("Core ver %s", VERSION);
364
365 err = bt_sysfs_init();
366 if (err < 0)
367 return err;
368
369 err = sock_register(&bt_sock_family_ops);
370 if (err < 0) {
371 bt_sysfs_cleanup();
372 return err;
373 }
374
375 BT_INFO("HCI device and connection manager initialized");
376
377 hci_sock_init();
378
379 return 0;
380 }
381
382 static void __exit bt_exit(void)
383 {
384 hci_sock_cleanup();
385
386 sock_unregister(PF_BLUETOOTH);
387
388 bt_sysfs_cleanup();
389 }
390
391 subsys_initcall(bt_init);
392 module_exit(bt_exit);
393
394 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
395 MODULE_DESCRIPTION("Bluetooth Core ver " VERSION);
396 MODULE_VERSION(VERSION);
397 MODULE_LICENSE("GPL");
398 MODULE_ALIAS_NETPROTO(PF_BLUETOOTH);
android clone