This series adds a new "SixaxisCablePairing" property to allow us to indentify sixaxis devices that have been paired using the canonical USB cable method. With that information, we can dynamically enforce encryption to drastically reduce the attack surface, compared to just disabling the "ClassicBondedOnly" property. The "SixaxisCablePairing" property is exposed via D-Bus to allow clients to potentually show this information to end users. As far as I can tell, starting the listening input server with BT_IO_SEC_LOW and then bumping it in `hidp_add_connection()` should not have any negative effect regarding the overall security. However, please let me know if it turns out not being the case. The last commit "input: Validate the Sixaxis HID report descriptor" can probably be reviewed and merged separately if needed. Addresses https://github.com/bluez/bluez/issues/1165 Changes in v2: - Start the listening input server with BT_IO_SEC_LOW only if we actually have a known sixaxis device Ludovico de Nittis (8): src: Add new SixaxisCablePairing property client: Print SixaxisCablePairing value if BlueZ was compiled with sixaxis plugins: Set SixaxisCablePairing property when pairing a sixaxis with USB adapter: Add btd_adapter_has_sixaxis_cable_pairing() input: Automatically use security level low when using a sixaxis device adapter: Set server security level in load_devices() sixaxis: Set security level when adding a sixaxis device input: Validate the Sixaxis HID report descriptor client/main.c | 3 ++ configure.ac | 3 ++ doc/org.bluez.Device.rst | 6 ++++ plugins/sixaxis.c | 8 ++++- profiles/input/device.c | 77 ++++++++++++++++++++++++++++++++++++++-- profiles/input/manager.c | 3 +- profiles/input/server.c | 62 ++++++++++++++++++++++++++++++-- profiles/input/server.h | 3 +- src/adapter.c | 24 +++++++++++++ src/adapter.h | 1 + src/device.c | 44 +++++++++++++++++++++++ src/device.h | 3 ++ 12 files changed, 229 insertions(+), 8 deletions(-) -- 2.49.0
