1 files changed, 46 insertions, 7 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index eda52397a648..38b03bd14723 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -141,6 +141,27 @@ static const u16 mgmt_events[] = {
        MGMT_EV_ADVERTISING_REMOVED,
 };
+static const u16 mgmt_untrusted_commands[] = {
+        MGMT_OP_READ_INDEX_LIST,
+        MGMT_OP_READ_INFO,
+        MGMT_OP_READ_UNCONF_INDEX_LIST,
+        MGMT_OP_READ_CONFIG_INFO,
+        MGMT_OP_READ_EXT_INDEX_LIST,
+};
+static const u16 mgmt_untrusted_events[] = {
+        MGMT_EV_INDEX_ADDED,
+        MGMT_EV_INDEX_REMOVED,
+        MGMT_EV_NEW_SETTINGS,
+        MGMT_EV_CLASS_OF_DEV_CHANGED,
+        MGMT_EV_LOCAL_NAME_CHANGED,
+        MGMT_EV_UNCONF_INDEX_ADDED,
+        MGMT_EV_UNCONF_INDEX_REMOVED,
+        MGMT_EV_NEW_CONFIG_OPTIONS,
+        MGMT_EV_EXT_INDEX_ADDED,
+        MGMT_EV_EXT_INDEX_REMOVED,
+};
 #define CACHE_TIMEOUT   msecs_to_jiffies(2 * 1000)
 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
@@ -265,14 +286,20 @@ static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
                         u16 data_len)
 {
        struct mgmt_rp_read_commands *rp;
-        const u16 num_commands = ARRAY_SIZE(mgmt_commands);
+        u16 num_commands, num_events;
-        const u16 num_events = ARRAY_SIZE(mgmt_events);
-        __le16 *opcode;
        size_t rp_size;
        int i, err;
        BT_DBG("sock %p", sk);
+        if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
+                num_commands = ARRAY_SIZE(mgmt_commands);
+                num_events = ARRAY_SIZE(mgmt_events);
+        } else {
+                num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
+                num_events = ARRAY_SIZE(mgmt_untrusted_events);
+        }
        rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
        rp = kmalloc(rp_size, GFP_KERNEL);
@@ -282,11 +309,23 @@ static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
        rp->num_commands = cpu_to_le16(num_commands);
        rp->num_events = cpu_to_le16(num_events);
-        for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
+        if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
-                put_unaligned_le16(mgmt_commands[i], opcode);
+                __le16 *opcode = rp->opcodes;
+                for (i = 0; i < num_commands; i++, opcode++)
+                        put_unaligned_le16(mgmt_commands[i], opcode);
+                for (i = 0; i < num_events; i++, opcode++)
+                        put_unaligned_le16(mgmt_events[i], opcode);
+        } else {
+                __le16 *opcode = rp->opcodes;
+                for (i = 0; i < num_commands; i++, opcode++)
+                        put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
-        for (i = 0; i < num_events; i++, opcode++)
+                for (i = 0; i < num_events; i++, opcode++)
-                put_unaligned_le16(mgmt_events[i], opcode);
+                        put_unaligned_le16(mgmt_untrusted_events[i], opcode);
+        }
        err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
                                rp, rp_size);

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index eda52397a648..38b03bd14723 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c
@@ -141,6 +141,27 @@ static const u16 mgmt_events[] = {
141	MGMT_EV_ADVERTISING_REMOVED,	141	MGMT_EV_ADVERTISING_REMOVED,
142	};	142	};
143		143
		144	static const u16 mgmt_untrusted_commands[] = {
		145	MGMT_OP_READ_INDEX_LIST,
		146	MGMT_OP_READ_INFO,
		147	MGMT_OP_READ_UNCONF_INDEX_LIST,
		148	MGMT_OP_READ_CONFIG_INFO,
		149	MGMT_OP_READ_EXT_INDEX_LIST,
		150	};
		151
		152	static const u16 mgmt_untrusted_events[] = {
		153	MGMT_EV_INDEX_ADDED,
		154	MGMT_EV_INDEX_REMOVED,
		155	MGMT_EV_NEW_SETTINGS,
		156	MGMT_EV_CLASS_OF_DEV_CHANGED,
		157	MGMT_EV_LOCAL_NAME_CHANGED,
		158	MGMT_EV_UNCONF_INDEX_ADDED,
		159	MGMT_EV_UNCONF_INDEX_REMOVED,
		160	MGMT_EV_NEW_CONFIG_OPTIONS,
		161	MGMT_EV_EXT_INDEX_ADDED,
		162	MGMT_EV_EXT_INDEX_REMOVED,
		163	};
		164
144	#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)	165	#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
145		166
146	#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \	167	#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
@@ -265,14 +286,20 @@ static int read_commands(struct sock sk, struct hci_dev hdev, void *data,
265	u16 data_len)	286	u16 data_len)
266	{	287	{
267	struct mgmt_rp_read_commands *rp;	288	struct mgmt_rp_read_commands *rp;
268	const u16 num_commands = ARRAY_SIZE(mgmt_commands);	289	u16 num_commands, num_events;
269	const u16 num_events = ARRAY_SIZE(mgmt_events);
270	__le16 *opcode;
271	size_t rp_size;	290	size_t rp_size;
272	int i, err;	291	int i, err;
273		292
274	BT_DBG("sock %p", sk);	293	BT_DBG("sock %p", sk);
275		294
		295	if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
		296	num_commands = ARRAY_SIZE(mgmt_commands);
		297	num_events = ARRAY_SIZE(mgmt_events);
		298	} else {
		299	num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
		300	num_events = ARRAY_SIZE(mgmt_untrusted_events);
		301	}
		302
276	rp_size = sizeof(rp) + ((num_commands + num_events) sizeof(u16));	303	rp_size = sizeof(rp) + ((num_commands + num_events) sizeof(u16));
277		304
278	rp = kmalloc(rp_size, GFP_KERNEL);	305	rp = kmalloc(rp_size, GFP_KERNEL);
@@ -282,11 +309,23 @@ static int read_commands(struct sock sk, struct hci_dev hdev, void *data,
282	rp->num_commands = cpu_to_le16(num_commands);	309	rp->num_commands = cpu_to_le16(num_commands);
283	rp->num_events = cpu_to_le16(num_events);	310	rp->num_events = cpu_to_le16(num_events);
284		311
285	for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)	312	if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
286	put_unaligned_le16(mgmt_commands[i], opcode);	313	__le16 *opcode = rp->opcodes;
		314
		315	for (i = 0; i < num_commands; i++, opcode++)
		316	put_unaligned_le16(mgmt_commands[i], opcode);
		317
		318	for (i = 0; i < num_events; i++, opcode++)
		319	put_unaligned_le16(mgmt_events[i], opcode);
		320	} else {
		321	__le16 *opcode = rp->opcodes;
		322
		323	for (i = 0; i < num_commands; i++, opcode++)
		324	put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
287		325
288	for (i = 0; i < num_events; i++, opcode++)	326	for (i = 0; i < num_events; i++, opcode++)
289	put_unaligned_le16(mgmt_events[i], opcode);	327	put_unaligned_le16(mgmt_untrusted_events[i], opcode);
		328	}
290		329
291	err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,	330	err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
292	rp, rp_size);	331	rp, rp_size);