filter: additional strict rules when all device ports available

All the previous filter rules were applicable per-port independently.
But, we also want to apply rules on a port based on the existence of
other ports on the same device (e.g. allow TTY if the device also has
a NET port). In this case, we need to wait for all ports to appear and
then apply the additional rules.

We re-use the "min wait time" timeout in the plugin-manager for this
same purpose. This timeout is set up to wait for ports to appear before
starting the probing process (e.g. so that plugin filters like the
forbidden-drivers one work). The very same timeout can therefore be
used to check whether we start the probing or not based on additional
filter rules.
Aleksander Morgado
2017-10-17 12:53:58 +02:00
parent ee570d44dc
commit 0850fe4f6d
5 changed files with 95 additions and 10 deletions


@@ -20,6 +20,8 @@
#include "mm-filter.h"
#include "mm-log.h"
#define FILTER_PORT_MAYBE_FORBIDDEN "maybe-forbidden"
G_DEFINE_TYPE (MMFilter, mm_filter, G_TYPE_OBJECT)
enum {
@@ -142,10 +144,10 @@ mm_filter_port (MMFilter *self,
return TRUE;
}
/* Default forbidden? */
/* Default forbidden? flag the port as maybe-forbidden, and go on */
if (self->priv->enabled_rules & MM_FILTER_RULE_TTY_DEFAULT_FORBIDDEN) {
mm_dbg ("[filter] (%s/%s) port forbidden", subsystem, name);
return FALSE;
g_object_set_data (G_OBJECT (port), FILTER_PORT_MAYBE_FORBIDDEN, GUINT_TO_POINTER (TRUE));
return TRUE;
}
g_assert_not_reached ();
@@ -156,6 +158,40 @@ mm_filter_port (MMFilter *self,
return FALSE;
}
/*****************************************************************************/
gboolean
mm_filter_device_and_port (MMFilter *self,
MMDevice *device,
MMKernelDevice *port)
{
const gchar *subsystem;
const gchar *name;
/* If it wasn't flagged as maybe forbidden, there's nothing to do */
if (!GPOINTER_TO_UINT (g_object_get_data (G_OBJECT (port), FILTER_PORT_MAYBE_FORBIDDEN)))
return TRUE;
subsystem = mm_kernel_device_get_subsystem (port);
name = mm_kernel_device_get_name (port);
/* Check whether this device holds a NET port in addition to this TTY */
if (self->priv->enabled_rules & MM_FILTER_RULE_TTY_WITH_NET) {
GList *l;
for (l = mm_device_peek_port_probe_list (device); l; l = g_list_next (l)) {
if (!g_strcmp0 (mm_port_probe_get_port_subsys (MM_PORT_PROBE (l->data)), "net")) {
mm_dbg ("[filter] (%s/%s): port allowed: device also exports a net interface (%s)",
subsystem, name, mm_port_probe_get_port_name (MM_PORT_PROBE (l->data)));
return TRUE;
}
}
}
mm_dbg ("[filter] (%s/%s) port filtered: forbidden", subsystem, name);
return FALSE;
}
/*****************************************************************************/
/* Use filter rule names as environment variables to control them on startup:
* - MM_FILTER_RULE_XXX=1 to explicitly enable the rule.
@@ -235,6 +271,7 @@ mm_filter_new (MMFilterRule enabled_rules,
mm_dbg ("[filter] platform driver check: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_PLATFORM_DRIVER));
mm_dbg ("[filter] driver check: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_DRIVER));
mm_dbg ("[filter] cdc-acm interface check: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_ACM_INTERFACE));
mm_dbg ("[filter] with net check: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_WITH_NET));
if (self->priv->enabled_rules & MM_FILTER_RULE_TTY_DEFAULT_ALLOWED)
mm_dbg ("[filter] default: allowed");
else if (self->priv->enabled_rules & MM_FILTER_RULE_TTY_DEFAULT_FORBIDDEN)
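Review bot: In the default-forbidden branch of mm_filter_port the port is now accepted (`return TRUE`) with only the "maybe-forbidden" object-data flag recording that it is still unvetted, and the old "port forbidden" debug line is gone, so neither the log nor the return value tells a caller that the decision was deferred. Any path that starts probing after mm_filter_port alone, without later calling mm_filter_device_and_port, would treat a default-forbidden TTY as allowed; the callers are not visible in this section, so this should be confirmed for every path that leads to probing. I would log the deferral, e.g. `mm_dbg ("[filter] (%s/%s) port maybe forbidden: decision deferred until all device ports are available", subsystem, name);`, and add a comment on mm_filter_port stating that under the strict rules a TRUE result is provisional and must be followed by mm_filter_device_and_port. mm_filter_port begins and ends outside the hunk.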