Hi Ludovico, On Thu, Apr 24, 2025 at 12:03 PM Ludovico de Nittis <ludovico.denittis@xxxxxxxxxxxxx> wrote: > > This series adds a new "CablePairing" property to allow us to > indentify devices that have been paired using a custom USB cable > cable method and that don't support the canonical bonding with > encryption. With that information, we can dynamically enforce > encryption to drastically reduce the attack surface, compared to just > disabling the "ClassicBondedOnly" property. > > The "CablePairing" property is exposed via D-Bus to allow > clients to potentually show this information to end users. > > As far as I can tell, starting the listening input server with > BT_IO_SEC_LOW and then bumping it in `hidp_add_connection()` should not > have any negative effect regarding the overall security. However, > please let me know if it turns out not being the case. > > Addresses https://github.com/bluez/bluez/issues/1165 > > Changes in v2: > - Start the listening input server with BT_IO_SEC_LOW only if we > actually have a known sixaxis device > > Changes in v3: > - Change the property from being sixaxis specific to a generic > "CablePairing" > - Remove the manual validation of Sixaxis HID report descriptor > because we already replace it with a pre-dermined SDP record > in `sixaxis.c` > > Changes in v4: > - Instead of setting the server security level in adapter.c, we > do it when registering the input devices, during probing > > Ludovico de Nittis (6): > src: Add new CablePairing property > client: Print CablePairing property > sixaxis: Set CablePairing when pairing a Sixaxis with USB > adapter: Add btd_adapter_has_cable_pairing_devices() > input: Automatically use sec level low when using a cable paired > device > sixaxis: Set security level when adding a sixaxis device > > client/main.c | 1 + > doc/org.bluez.Device.rst | 7 +++++ > plugins/sixaxis.c | 8 ++++- > profiles/input/device.c | 20 +++++++++++-- > profiles/input/manager.c | 3 +- > profiles/input/server.c | 63 ++++++++++++++++++++++++++++++++++++++-- > profiles/input/server.h | 3 +- > src/adapter.c | 17 +++++++++++ > src/adapter.h | 1 + > src/device.c | 40 +++++++++++++++++++++++++ > src/device.h | 2 ++ > 11 files changed, 157 insertions(+), 8 deletions(-) > > -- > 2.49.0 > Looks like CI has found something not quite right still: https://github.com/bluez/bluez/pull/1191#issuecomment-2828175923 -- Luiz Augusto von Dentz
