colin/ModemManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

core: replace 'whitelist' with 'allowlist' and 'blacklist' with 'blocklist'

Browse Source 
We keep the 'WHITELIST-ONLY' filter type name still as an option in
--filter-policy=[POLICY], but deprecated and with the better
'ALLOWLIST-ONLY' replacement suggested from now on.
This commit is contained in:
Aleksander Morgado
2021-11-04 22:40:28 +01:00
parent eae2e28577
commit 3444b02932
8 changed files with 101 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/man/ModemManager.8
View File

@@ -25,8 +25,8 @@ from the command line.
Specify which ports are probed and how: Specify which ports are probed and how:
.RS 9 .RS 9
.TP .TP
\fB'WHITELIST-ONLY'\fR \fB'ALLOWLIST-ONLY'\fR
Only devices or ports explicitly whitelisted with the 'ID_MM_DEVICE_PROCESS' udev tag are probed. Only devices or ports explicitly allowlisted with the 'ID_MM_DEVICE_PROCESS' udev tag are probed.
.TP .TP
\fB'STRICT'\fR \fB'STRICT'\fR
Only the TTY ports that are heuristically determined to be very likely to be modem ports are probed. Nay end up ignoring some devices. Only the TTY ports that are heuristically determined to be very likely to be modem ports are probed. Nay end up ignoring some devices.

30
docs/reference/api/ModemManager-overview.xml
View File

@@ -107,7 +107,7 @@
predefined filter policies are based on one or more of these predefined filter rules. predefined filter policies are based on one or more of these predefined filter rules.
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><emphasis>MM_FILTER_RULE_EXPLICIT_WHITELIST</emphasis></para> <para><emphasis>MM_FILTER_RULE_EXPLICIT_ALLOWLIST</emphasis></para>
<para> <para>
This filter allows users to manually tag devices and/or device ports with the This filter allows users to manually tag devices and/or device ports with the
<emphasis>ID_MM_DEVICE_PROCESS</emphasis> udev tag. If the filter finds this tag, <emphasis>ID_MM_DEVICE_PROCESS</emphasis> udev tag. If the filter finds this tag,
@@ -115,10 +115,10 @@
will be allowed. will be allowed.
</para> </para>
<programlisting> <programlisting>
$ sudo vim /lib/udev/rules.d/78-mm-whitelist-internal-modem.rules $ sudo vim /lib/udev/rules.d/78-mm-allowlist-internal-modem.rules
ACTION!="add|change|move", GOTO="mm_whitelist_internal_modem_end" ACTION!="add|change|move", GOTO="mm_allowlist_internal_modem_end"
ATTRS{idVendor}=="1199", ATTRS{idProduct}=="a001", ENV{ID_MM_DEVICE_PROCESS}="1" ATTRS{idVendor}=="1199", ATTRS{idProduct}=="a001", ENV{ID_MM_DEVICE_PROCESS}="1"
LABEL="mm_whitelist_internal_modem_end" LABEL="mm_allowlist_internal_modem_end"
// Apply new rules without reboot // Apply new rules without reboot
$ sudo udevadm control --reload $ sudo udevadm control --reload
$ sudo udevadm trigger $ sudo udevadm trigger
@@ -143,10 +143,10 @@ $ sudo udevadm trigger
</programlisting> </programlisting>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis>MM_FILTER_RULE_PLUGIN_WHITELIST</emphasis></para> <para><emphasis>MM_FILTER_RULE_PLUGIN_ALLOWLIST</emphasis></para>
<para> <para>
This filter will automatically whitelist devices that are explicitly referenced This filter will automatically allowlist devices that are explicitly referenced
by plugins, either with plugin-specific whitelist tags, with exact by plugins, either with plugin-specific allowlist tags, with exact
<emphasis>vid:pid</emphasis> matches, or just with <emphasis>vid</emphasis> matches. <emphasis>vid:pid</emphasis> matches, or just with <emphasis>vid</emphasis> matches.
</para> </para>
</listitem> </listitem>
@@ -279,20 +279,20 @@ $ sudo udevadm trigger
The predefined filter policies are: The predefined filter policies are:
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><emphasis>Whitelist only</emphasis></para> <para><emphasis>Allowlist only</emphasis></para>
<para> <para>
This is a policy where only the MM_FILTER_RULE_EXPLICIT_WHITELIST rule is enabled. This is a policy where only the MM_FILTER_RULE_EXPLICIT_ALLOWLIST rule is enabled.
</para> </para>
<programlisting># /usr/sbin/ModemManager --filter-policy=WHITELIST-ONLY</programlisting> <programlisting># /usr/sbin/ModemManager --filter-policy=ALLOWLIST-ONLY</programlisting>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis>Strict</emphasis></para> <para><emphasis>Strict</emphasis></para>
<para> <para>
This is a policy where the following rules are enabled: This is a policy where the following rules are enabled:
<itemizedlist> <itemizedlist>
<listitem>MM_FILTER_RULE_EXPLICIT_WHITELIST</listitem> <listitem>MM_FILTER_RULE_EXPLICIT_ALLOWLIST</listitem>
<listitem>MM_FILTER_RULE_EXPLICIT_BLACKLIST</listitem> <listitem>MM_FILTER_RULE_EXPLICIT_BLOCKLIST</listitem>
<listitem>MM_FILTER_RULE_PLUGIN_WHITELIST</listitem> <listitem>MM_FILTER_RULE_PLUGIN_ALLOWLIST</listitem>
<listitem>MM_FILTER_RULE_QRTR</listitem> <listitem>MM_FILTER_RULE_QRTR</listitem>
<listitem>MM_FILTER_RULE_VIRTUAL</listitem> <listitem>MM_FILTER_RULE_VIRTUAL</listitem>
<listitem>MM_FILTER_RULE_NET</listitem> <listitem>MM_FILTER_RULE_NET</listitem>
@@ -329,13 +329,13 @@ $ sudo udevadm trigger
/usr/sbin/ModemManager --filter-policy=STRICT</programlisting> /usr/sbin/ModemManager --filter-policy=STRICT</programlisting>
</para> </para>
<para> <para>
E.g. this would launch ModemManager with the Whitelist-only filter policy but also E.g. this would launch ModemManager with the allowlist-only filter policy but also
explicitly allowing all net and cdc-wdm ports. Note that in this case, all virtual explicitly allowing all net and cdc-wdm ports. Note that in this case, all virtual
net ports (e.g. 'lo') are also being allowed. net ports (e.g. 'lo') are also being allowed.
<programlisting> <programlisting>
# MM_FILTER_RULE_NET=1 \ # MM_FILTER_RULE_NET=1 \
MM_FILTER_RULE_USBMISC=1 \ MM_FILTER_RULE_USBMISC=1 \
/usr/sbin/ModemManager --filter-policy=WHITELIST-ONLY</programlisting> /usr/sbin/ModemManager --filter-policy=ALLOWLIST-ONLY</programlisting>
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>

6
include/ModemManager-tags.h
View File

@@ -68,8 +68,8 @@
* *
* This is a device-specific tag that allows explicitly requesting the * This is a device-specific tag that allows explicitly requesting the
* processing of all ports exposed by the device. This tag is usually * processing of all ports exposed by the device. This tag is usually
* used by users when the daemon runs with WHITELIST-ONLY filter policy * used by users when the daemon runs with ALLOWLIST-ONLY filter policy
* type, and is associated to the MM_FILTER_RULE_EXPLICIT_WHITELIST rule. * type, and is associated to the MM_FILTER_RULE_EXPLICIT_ALLOWLIST rule.
* *
* This tag may also be specified in specific ports, e.g. when the modem * This tag may also be specified in specific ports, e.g. when the modem
* exposes a single platform port without any parent device. * exposes a single platform port without any parent device.
@@ -87,7 +87,7 @@
* This tag was originally applicable to TTY ports and only when running * This tag was originally applicable to TTY ports and only when running
* in certain filter policy types. Since 1.12, this tag applies to all * in certain filter policy types. Since 1.12, this tag applies to all
* filter types and to all port types (not only TTYs), and is associated * filter types and to all port types (not only TTYs), and is associated
* to the MM_FILTER_RULE_EXPLICIT_BLACKLIST rule. * to the MM_FILTER_RULE_EXPLICIT_BLOCKLIST rule.
* *
* Since: 1.10 * Since: 1.10
*/ */

4
plugins/sierra/mm-common-sierra.c
View File

@@ -144,13 +144,13 @@ gcap_ready (MMPortSerialAt *port,
/* Sierra APPx ports have limited AT command parsers that just reply with /* Sierra APPx ports have limited AT command parsers that just reply with
* "OK" to most commands. These can sometimes be used for PPP while the * "OK" to most commands. These can sometimes be used for PPP while the
* main port is used for status and control, but older modems tend to crash * main port is used for status and control, but older modems tend to crash
* or fail PPP. So we whitelist modems that are known to allow PPP on the * or fail PPP. So we allowlist modems that are known to allow PPP on the
* secondary APP ports. * secondary APP ports.
*/ */
if (strstr (response, "APP1")) { if (strstr (response, "APP1")) {
g_object_set_data (G_OBJECT (probe), TAG_SIERRA_APP_PORT, GUINT_TO_POINTER (TRUE)); g_object_set_data (G_OBJECT (probe), TAG_SIERRA_APP_PORT, GUINT_TO_POINTER (TRUE));
/* PPP-on-APP1-port whitelist */ /* PPP-on-APP1-port allowlist */
if (strstr (response, "C885") || if (strstr (response, "C885") ||
strstr (response, "USB 306") || strstr (response, "USB 306") ||
strstr (response, "MC8790")) strstr (response, "MC8790"))

10
src/mm-context.c
View File

@@ -48,8 +48,12 @@ filter_policy_option_arg (const gchar *option_name,
gpointer data, gpointer data,
GError **error) GError **error)
{ {
if (!g_ascii_strcasecmp (value, "whitelist-only")) { if (!g_ascii_strcasecmp (value, "allowlist-only")
filter_policy = MM_FILTER_POLICY_WHITELIST_ONLY; #ifndef MM_DISABLE_DEPRECATED
|| !g_ascii_strcasecmp (value, "whitelist-only")
#endif
) {
filter_policy = MM_FILTER_POLICY_ALLOWLIST_ONLY;
return TRUE; return TRUE;
} }
@@ -67,7 +71,7 @@ filter_policy_option_arg (const gchar *option_name,
static const GOptionEntry entries[] = { static const GOptionEntry entries[] = {
{ {
"filter-policy", 0, 0, G_OPTION_ARG_CALLBACK, filter_policy_option_arg, "filter-policy", 0, 0, G_OPTION_ARG_CALLBACK, filter_policy_option_arg,
"Filter policy: one of WHITELIST-ONLY, STRICT", "Filter policy: one of ALLOWLIST-ONLY, STRICT",
"[POLICY]" "[POLICY]"
}, },
{ {

94
src/mm-filter.c
View File

@@ -38,67 +38,67 @@ enum {
struct _MMFilterPrivate { struct _MMFilterPrivate {
MMFilterRule enabled_rules; MMFilterRule enabled_rules;
GList *plugin_whitelist_tags; GList *plugin_allowlist_tags;
GArray *plugin_whitelist_vendor_ids; GArray *plugin_allowlist_vendor_ids;
GArray *plugin_whitelist_product_ids; GArray *plugin_allowlist_product_ids;
}; };
/*****************************************************************************/ /*****************************************************************************/
void void
mm_filter_register_plugin_whitelist_tag (MMFilter *self, mm_filter_register_plugin_allowlist_tag (MMFilter *self,
const gchar *tag) const gchar *tag)
{ {
if (!g_list_find_custom (self->priv->plugin_whitelist_tags, tag, (GCompareFunc) g_strcmp0)) { if (!g_list_find_custom (self->priv->plugin_allowlist_tags, tag, (GCompareFunc) g_strcmp0)) {
mm_obj_dbg (self, "registered plugin whitelist tag: %s", tag); mm_obj_dbg (self, "registered plugin allowlist tag: %s", tag);
self->priv->plugin_whitelist_tags = g_list_prepend (self->priv->plugin_whitelist_tags, g_strdup (tag)); self->priv->plugin_allowlist_tags = g_list_prepend (self->priv->plugin_allowlist_tags, g_strdup (tag));
} }
} }
void void
mm_filter_register_plugin_whitelist_vendor_id (MMFilter *self, mm_filter_register_plugin_allowlist_vendor_id (MMFilter *self,
guint16 vid) guint16 vid)
{ {
guint i; guint i;
if (!self->priv->plugin_whitelist_vendor_ids) if (!self->priv->plugin_allowlist_vendor_ids)
self->priv->plugin_whitelist_vendor_ids = g_array_sized_new (FALSE, FALSE, sizeof (guint16), 64); self->priv->plugin_allowlist_vendor_ids = g_array_sized_new (FALSE, FALSE, sizeof (guint16), 64);
for (i = 0; i < self->priv->plugin_whitelist_vendor_ids->len; i++) { for (i = 0; i < self->priv->plugin_allowlist_vendor_ids->len; i++) {
guint16 item; guint16 item;
item = g_array_index (self->priv->plugin_whitelist_vendor_ids, guint16, i); item = g_array_index (self->priv->plugin_allowlist_vendor_ids, guint16, i);
if (item == vid) if (item == vid)
return; return;
} }
g_array_append_val (self->priv->plugin_whitelist_vendor_ids, vid); g_array_append_val (self->priv->plugin_allowlist_vendor_ids, vid);
mm_obj_dbg (self, "registered plugin whitelist vendor id: %04x", vid); mm_obj_dbg (self, "registered plugin allowlist vendor id: %04x", vid);
} }
void void
mm_filter_register_plugin_whitelist_product_id (MMFilter *self, mm_filter_register_plugin_allowlist_product_id (MMFilter *self,
guint16 vid, guint16 vid,
guint16 pid) guint16 pid)
{ {
mm_uint16_pair new_item; mm_uint16_pair new_item;
guint i; guint i;
if (!self->priv->plugin_whitelist_product_ids) if (!self->priv->plugin_allowlist_product_ids)
self->priv->plugin_whitelist_product_ids = g_array_sized_new (FALSE, FALSE, sizeof (mm_uint16_pair), 10); self->priv->plugin_allowlist_product_ids = g_array_sized_new (FALSE, FALSE, sizeof (mm_uint16_pair), 10);
for (i = 0; i < self->priv->plugin_whitelist_product_ids->len; i++) { for (i = 0; i < self->priv->plugin_allowlist_product_ids->len; i++) {
mm_uint16_pair *item; mm_uint16_pair *item;
item = &g_array_index (self->priv->plugin_whitelist_product_ids, mm_uint16_pair, i); item = &g_array_index (self->priv->plugin_allowlist_product_ids, mm_uint16_pair, i);
if (item->l == vid && item->r == pid) if (item->l == vid && item->r == pid)
return; return;
} }
new_item.l = vid; new_item.l = vid;
new_item.r = pid; new_item.r = pid;
g_array_append_val (self->priv->plugin_whitelist_product_ids, new_item); g_array_append_val (self->priv->plugin_allowlist_product_ids, new_item);
mm_obj_dbg (self, "registered plugin whitelist product id: %04x:%04x", vid, pid); mm_obj_dbg (self, "registered plugin allowlist product id: %04x:%04x", vid, pid);
} }
/*****************************************************************************/ /*****************************************************************************/
@@ -114,33 +114,33 @@ mm_filter_port (MMFilter *self,
subsystem = mm_kernel_device_get_subsystem (port); subsystem = mm_kernel_device_get_subsystem (port);
name = mm_kernel_device_get_name (port); name = mm_kernel_device_get_name (port);
/* If the device is explicitly whitelisted, we process every port. Also /* If the device is explicitly allowlisted, we process every port. Also
* allow specifying this flag per-port instead of for the full device, e.g. * allow specifying this flag per-port instead of for the full device, e.g.
* for platform tty ports where there's only one port anyway. */ * for platform tty ports where there's only one port anyway. */
if ((self->priv->enabled_rules & MM_FILTER_RULE_EXPLICIT_WHITELIST) && if ((self->priv->enabled_rules & MM_FILTER_RULE_EXPLICIT_ALLOWLIST) &&
(mm_kernel_device_get_global_property_as_boolean (port, ID_MM_DEVICE_PROCESS) || (mm_kernel_device_get_global_property_as_boolean (port, ID_MM_DEVICE_PROCESS) ||
mm_kernel_device_get_property_as_boolean (port, ID_MM_DEVICE_PROCESS))) { mm_kernel_device_get_property_as_boolean (port, ID_MM_DEVICE_PROCESS))) {
mm_obj_dbg (self, "(%s/%s) port allowed: device is whitelisted", subsystem, name); mm_obj_dbg (self, "(%s/%s) port allowed: device is allowlisted", subsystem, name);
return TRUE; return TRUE;
} }
/* If the device is explicitly blacklisted, we ignore every port. */ /* If the device is explicitly blacklisted, we ignore every port. */
if ((self->priv->enabled_rules & MM_FILTER_RULE_EXPLICIT_BLACKLIST) && if ((self->priv->enabled_rules & MM_FILTER_RULE_EXPLICIT_BLOCKLIST) &&
(mm_kernel_device_get_global_property_as_boolean (port, ID_MM_DEVICE_IGNORE))) { (mm_kernel_device_get_global_property_as_boolean (port, ID_MM_DEVICE_IGNORE))) {
mm_obj_dbg (self, "(%s/%s): port filtered: device is blacklisted", subsystem, name); mm_obj_dbg (self, "(%s/%s): port filtered: device is blocklisted", subsystem, name);
return FALSE; return FALSE;
} }
/* If the device is whitelisted by a plugin, we allow it. */ /* If the device is allowlisted by a plugin, we allow it. */
if (self->priv->enabled_rules & MM_FILTER_RULE_PLUGIN_WHITELIST) { if (self->priv->enabled_rules & MM_FILTER_RULE_PLUGIN_ALLOWLIST) {
GList *l; GList *l;
guint16 vid = 0; guint16 vid = 0;
guint16 pid = 0; guint16 pid = 0;
for (l = self->priv->plugin_whitelist_tags; l; l = g_list_next (l)) { for (l = self->priv->plugin_allowlist_tags; l; l = g_list_next (l)) {
if (mm_kernel_device_get_global_property_as_boolean (port, (const gchar *)(l->data)) || if (mm_kernel_device_get_global_property_as_boolean (port, (const gchar *)(l->data)) ||
mm_kernel_device_get_property_as_boolean (port, (const gchar *)(l->data))) { mm_kernel_device_get_property_as_boolean (port, (const gchar *)(l->data))) {
mm_obj_dbg (self, "(%s/%s) port allowed: device is whitelisted by plugin (tag)", subsystem, name); mm_obj_dbg (self, "(%s/%s) port allowed: device is allowlisted by plugin (tag)", subsystem, name);
return TRUE; return TRUE;
} }
} }
@@ -149,29 +149,29 @@ mm_filter_port (MMFilter *self,
if (vid) if (vid)
pid = mm_kernel_device_get_physdev_pid (port); pid = mm_kernel_device_get_physdev_pid (port);
if (vid && pid && self->priv->plugin_whitelist_product_ids) { if (vid && pid && self->priv->plugin_allowlist_product_ids) {
guint i; guint i;
for (i = 0; i < self->priv->plugin_whitelist_product_ids->len; i++) { for (i = 0; i < self->priv->plugin_allowlist_product_ids->len; i++) {
mm_uint16_pair *item; mm_uint16_pair *item;
item = &g_array_index (self->priv->plugin_whitelist_product_ids, mm_uint16_pair, i); item = &g_array_index (self->priv->plugin_allowlist_product_ids, mm_uint16_pair, i);
if (item->l == vid && item->r == pid) { if (item->l == vid && item->r == pid) {
mm_obj_dbg (self, "(%s/%s) port allowed: device is whitelisted by plugin (vid/pid)", subsystem, name); mm_obj_dbg (self, "(%s/%s) port allowed: device is allowlisted by plugin (vid/pid)", subsystem, name);
return TRUE; return TRUE;
} }
} }
} }
if (vid && self->priv->plugin_whitelist_vendor_ids) { if (vid && self->priv->plugin_allowlist_vendor_ids) {
guint i; guint i;
for (i = 0; i < self->priv->plugin_whitelist_vendor_ids->len; i++) { for (i = 0; i < self->priv->plugin_allowlist_vendor_ids->len; i++) {
guint16 item; guint16 item;
item = g_array_index (self->priv->plugin_whitelist_vendor_ids, guint16, i); item = g_array_index (self->priv->plugin_allowlist_vendor_ids, guint16, i);
if (item == vid) { if (item == vid) {
mm_obj_dbg (self, "(%s/%s) port allowed: device is whitelisted by plugin (vid)", subsystem, name); mm_obj_dbg (self, "(%s/%s) port allowed: device is allowlisted by plugin (vid)", subsystem, name);
return TRUE; return TRUE;
} }
} }
@@ -228,9 +228,9 @@ mm_filter_port (MMFilter *self,
const gchar *physdev_subsystem; const gchar *physdev_subsystem;
const gchar *driver; const gchar *driver;
/* Mixed blacklist/whitelist rules */ /* Mixed blocklist/allowlist rules */
/* If the physdev is a 'platform' or 'pnp' device that's not whitelisted, ignore it */ /* If the physdev is a 'platform' or 'pnp' device that's not allowlisted, ignore it */
physdev_subsystem = mm_kernel_device_get_physdev_subsystem (port); physdev_subsystem = mm_kernel_device_get_physdev_subsystem (port);
if ((self->priv->enabled_rules & MM_FILTER_RULE_TTY_PLATFORM_DRIVER) && if ((self->priv->enabled_rules & MM_FILTER_RULE_TTY_PLATFORM_DRIVER) &&
(!g_strcmp0 (physdev_subsystem, "platform") || (!g_strcmp0 (physdev_subsystem, "platform") ||
@@ -241,7 +241,7 @@ mm_filter_port (MMFilter *self,
return FALSE; return FALSE;
} }
/* Whitelist rules last */ /* Allowlist rules last */
/* If the TTY kernel driver is one expected modem kernel driver, allow it */ /* If the TTY kernel driver is one expected modem kernel driver, allow it */
driver = mm_kernel_device_get_driver (port); driver = mm_kernel_device_get_driver (port);
@@ -440,9 +440,9 @@ mm_filter_new (MMFilterRule enabled_rules,
#define RULE_ENABLED_STR(flag) ((self->priv->enabled_rules & flag) ? "yes" : "no") #define RULE_ENABLED_STR(flag) ((self->priv->enabled_rules & flag) ? "yes" : "no")
mm_obj_dbg (self, "created"); mm_obj_dbg (self, "created");
mm_obj_dbg (self, " explicit whitelist: %s", RULE_ENABLED_STR (MM_FILTER_RULE_EXPLICIT_WHITELIST)); mm_obj_dbg (self, " explicit allowlist: %s", RULE_ENABLED_STR (MM_FILTER_RULE_EXPLICIT_ALLOWLIST));
mm_obj_dbg (self, " explicit blacklist: %s", RULE_ENABLED_STR (MM_FILTER_RULE_EXPLICIT_BLACKLIST)); mm_obj_dbg (self, " explicit blocklist: %s", RULE_ENABLED_STR (MM_FILTER_RULE_EXPLICIT_BLOCKLIST));
mm_obj_dbg (self, " plugin whitelist: %s", RULE_ENABLED_STR (MM_FILTER_RULE_PLUGIN_WHITELIST)); mm_obj_dbg (self, " plugin allowlist: %s", RULE_ENABLED_STR (MM_FILTER_RULE_PLUGIN_ALLOWLIST));
mm_obj_dbg (self, " qrtr devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_QRTR)); mm_obj_dbg (self, " qrtr devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_QRTR));
mm_obj_dbg (self, " virtual devices forbidden: %s", RULE_ENABLED_STR (MM_FILTER_RULE_VIRTUAL)); mm_obj_dbg (self, " virtual devices forbidden: %s", RULE_ENABLED_STR (MM_FILTER_RULE_VIRTUAL));
mm_obj_dbg (self, " net devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_NET)); mm_obj_dbg (self, " net devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_NET));
@@ -514,9 +514,9 @@ finalize (GObject *object)
{ {
MMFilter *self = MM_FILTER (object); MMFilter *self = MM_FILTER (object);
g_clear_pointer (&self->priv->plugin_whitelist_vendor_ids, g_array_unref); g_clear_pointer (&self->priv->plugin_allowlist_vendor_ids, g_array_unref);
g_clear_pointer (&self->priv->plugin_whitelist_product_ids, g_array_unref); g_clear_pointer (&self->priv->plugin_allowlist_product_ids, g_array_unref);
g_list_free_full (self->priv->plugin_whitelist_tags, g_free); g_list_free_full (self->priv->plugin_allowlist_tags, g_free);
G_OBJECT_CLASS (mm_filter_parent_class)->finalize (object); G_OBJECT_CLASS (mm_filter_parent_class)->finalize (object);
} }

24
src/mm-filter.h
View File

@@ -47,9 +47,9 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC (MMFilter, g_object_unref)
typedef enum { /*< underscore_name=mm_filter_rule >*/ typedef enum { /*< underscore_name=mm_filter_rule >*/
MM_FILTER_RULE_NONE = 0, MM_FILTER_RULE_NONE = 0,
MM_FILTER_RULE_EXPLICIT_WHITELIST = 1 << 0, MM_FILTER_RULE_EXPLICIT_ALLOWLIST = 1 << 0,
MM_FILTER_RULE_EXPLICIT_BLACKLIST = 1 << 1, MM_FILTER_RULE_EXPLICIT_BLOCKLIST = 1 << 1,
MM_FILTER_RULE_PLUGIN_WHITELIST = 1 << 2, MM_FILTER_RULE_PLUGIN_ALLOWLIST = 1 << 2,
MM_FILTER_RULE_QRTR = 1 << 3, MM_FILTER_RULE_QRTR = 1 << 3,
MM_FILTER_RULE_VIRTUAL = 1 << 4, MM_FILTER_RULE_VIRTUAL = 1 << 4,
MM_FILTER_RULE_NET = 1 << 5, MM_FILTER_RULE_NET = 1 << 5,
@@ -65,11 +65,11 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
} MMFilterRule; } MMFilterRule;
/* This is a stricter policy which will only automatically probe device ports /* This is a stricter policy which will only automatically probe device ports
* if they are allowed by any of the automatic whitelist rules. */ * if they are allowed by any of the automatic allowlist rules. */
#define MM_FILTER_POLICY_STRICT \ #define MM_FILTER_POLICY_STRICT \
(MM_FILTER_RULE_EXPLICIT_WHITELIST | \ (MM_FILTER_RULE_EXPLICIT_ALLOWLIST | \
MM_FILTER_RULE_EXPLICIT_BLACKLIST | \ MM_FILTER_RULE_EXPLICIT_BLOCKLIST | \
MM_FILTER_RULE_PLUGIN_WHITELIST | \ MM_FILTER_RULE_PLUGIN_ALLOWLIST | \
MM_FILTER_RULE_QRTR | \ MM_FILTER_RULE_QRTR | \
MM_FILTER_RULE_VIRTUAL | \ MM_FILTER_RULE_VIRTUAL | \
MM_FILTER_RULE_NET | \ MM_FILTER_RULE_NET | \
@@ -83,9 +83,9 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
MM_FILTER_RULE_TTY_WITH_NET | \ MM_FILTER_RULE_TTY_WITH_NET | \
MM_FILTER_RULE_TTY_DEFAULT_FORBIDDEN) MM_FILTER_RULE_TTY_DEFAULT_FORBIDDEN)
/* This policy only allows using device ports explicitly whitelisted via /* This policy only allows using device ports explicitly allowlisted via
* udev rules. i.e. ModemManager won't do any kind of automatic probing. */ * udev rules. i.e. ModemManager won't do any kind of automatic probing. */
#define MM_FILTER_POLICY_WHITELIST_ONLY MM_FILTER_RULE_EXPLICIT_WHITELIST #define MM_FILTER_POLICY_ALLOWLIST_ONLY MM_FILTER_RULE_EXPLICIT_ALLOWLIST
/* The strict policy has all supported rules */ /* The strict policy has all supported rules */
#define MM_FILTER_RULE_ALL MM_FILTER_POLICY_STRICT #define MM_FILTER_RULE_ALL MM_FILTER_POLICY_STRICT
@@ -101,11 +101,11 @@ gboolean mm_filter_device_and_port (MMFilter *self,
MMDevice *device, MMDevice *device,
MMKernelDevice *port); MMKernelDevice *port);
void mm_filter_register_plugin_whitelist_tag (MMFilter *self, void mm_filter_register_plugin_allowlist_tag (MMFilter *self,
const gchar *tag); const gchar *tag);
void mm_filter_register_plugin_whitelist_vendor_id (MMFilter *self, void mm_filter_register_plugin_allowlist_vendor_id (MMFilter *self,
guint16 vid); guint16 vid);
void mm_filter_register_plugin_whitelist_product_id (MMFilter *self, void mm_filter_register_plugin_allowlist_product_id (MMFilter *self,
guint16 vid, guint16 vid,
guint16 pid); guint16 pid);

26
src/mm-plugin-manager.c
View File

@@ -1614,48 +1614,48 @@ mm_plugin_manager_get_subsystems (MMPluginManager *self)
/*****************************************************************************/ /*****************************************************************************/
static void static void
register_plugin_whitelist_tags (MMPluginManager *self, register_plugin_allowlist_tags (MMPluginManager *self,
MMPlugin *plugin) MMPlugin *plugin)
{ {
const gchar **tags; const gchar **tags;
guint i; guint i;
if (!mm_filter_check_rule_enabled (self->priv->filter, MM_FILTER_RULE_PLUGIN_WHITELIST)) if (!mm_filter_check_rule_enabled (self->priv->filter, MM_FILTER_RULE_PLUGIN_ALLOWLIST))
return; return;
tags = mm_plugin_get_allowed_udev_tags (plugin); tags = mm_plugin_get_allowed_udev_tags (plugin);
for (i = 0; tags && tags[i]; i++) for (i = 0; tags && tags[i]; i++)
mm_filter_register_plugin_whitelist_tag (self->priv->filter, tags[i]); mm_filter_register_plugin_allowlist_tag (self->priv->filter, tags[i]);
} }
static void static void
register_plugin_whitelist_vendor_ids (MMPluginManager *self, register_plugin_allowlist_vendor_ids (MMPluginManager *self,
MMPlugin *plugin) MMPlugin *plugin)
{ {
const guint16 *vendor_ids; const guint16 *vendor_ids;
guint i; guint i;
if (!mm_filter_check_rule_enabled (self->priv->filter, MM_FILTER_RULE_PLUGIN_WHITELIST)) if (!mm_filter_check_rule_enabled (self->priv->filter, MM_FILTER_RULE_PLUGIN_ALLOWLIST))
return; return;
vendor_ids = mm_plugin_get_allowed_vendor_ids (plugin); vendor_ids = mm_plugin_get_allowed_vendor_ids (plugin);
for (i = 0; vendor_ids && vendor_ids[i]; i++) for (i = 0; vendor_ids && vendor_ids[i]; i++)
mm_filter_register_plugin_whitelist_vendor_id (self->priv->filter, vendor_ids[i]); mm_filter_register_plugin_allowlist_vendor_id (self->priv->filter, vendor_ids[i]);
} }
static void static void
register_plugin_whitelist_product_ids (MMPluginManager *self, register_plugin_allowlist_product_ids (MMPluginManager *self,
MMPlugin *plugin) MMPlugin *plugin)
{ {
const mm_uint16_pair *product_ids; const mm_uint16_pair *product_ids;
guint i; guint i;
if (!mm_filter_check_rule_enabled (self->priv->filter, MM_FILTER_RULE_PLUGIN_WHITELIST)) if (!mm_filter_check_rule_enabled (self->priv->filter, MM_FILTER_RULE_PLUGIN_ALLOWLIST))
return; return;
product_ids = mm_plugin_get_allowed_product_ids (plugin); product_ids = mm_plugin_get_allowed_product_ids (plugin);
for (i = 0; product_ids && product_ids[i].l; i++) for (i = 0; product_ids && product_ids[i].l; i++)
mm_filter_register_plugin_whitelist_product_id (self->priv->filter, product_ids[i].l, product_ids[i].r); mm_filter_register_plugin_allowlist_product_id (self->priv->filter, product_ids[i].l, product_ids[i].r);
} }
static MMPlugin * static MMPlugin *
@@ -1860,10 +1860,10 @@ load_plugins (MMPluginManager *self,
g_ptr_array_add (subsystems, g_strdup (plugin_subsystems[i])); g_ptr_array_add (subsystems, g_strdup (plugin_subsystems[i]));
} }
/* Register plugin whitelist rules in filter, if any */ /* Register plugin allowlist rules in filter, if any */
register_plugin_whitelist_tags (self, plugin); register_plugin_allowlist_tags (self, plugin);
register_plugin_whitelist_vendor_ids (self, plugin); register_plugin_allowlist_vendor_ids (self, plugin);
register_plugin_whitelist_product_ids (self, plugin); register_plugin_allowlist_product_ids (self, plugin);
} }
/* Check the generic plugin once all looped */ /* Check the generic plugin once all looped */