filter: new object to run the port/device filter logic

This new object allows configuring the filter rules applied to the
device ports. By default, for now, it implements the same rules as the
MMKernelDevice is_candidate() method, which is obsoleted.
Aleksander Morgado
2017-10-12 22:07:38 +02:00
parent d04f98d966
commit 4e26661e67
6 changed files with 306 additions and 72 deletions


@@ -128,6 +128,7 @@ endif
BUILT_SOURCES += $(HELPER_ENUMS_GENERATED) BUILT_SOURCES += $(HELPER_ENUMS_GENERATED)
CLEANFILES += $(HELPER_ENUMS_GENERATED) CLEANFILES += $(HELPER_ENUMS_GENERATED)
################################################################################ ################################################################################
# kerneldevice library # kerneldevice library
################################################################################ ################################################################################
@@ -236,6 +237,7 @@ CLEANFILES += $(PORT_ENUMS_GENERATED)
sbin_PROGRAMS += ModemManager sbin_PROGRAMS += ModemManager
DAEMON_ENUMS_INPUTS = \ DAEMON_ENUMS_INPUTS = \
$(srcdir)/mm-filter.h \
$(srcdir)/mm-base-bearer.h \ $(srcdir)/mm-base-bearer.h \
$(srcdir)/mm-port-probe.h \ $(srcdir)/mm-port-probe.h \
$(NULL) $(NULL)
@@ -247,7 +249,7 @@ DAEMON_ENUMS_GENERATED = \
mm-daemon-enums-types.h: Makefile.am $(DAEMON_ENUMS_INPUTS) $(top_srcdir)/build-aux/mm-enums-template.h mm-daemon-enums-types.h: Makefile.am $(DAEMON_ENUMS_INPUTS) $(top_srcdir)/build-aux/mm-enums-template.h
$(AM_V_GEN) $(GLIB_MKENUMS) \ $(AM_V_GEN) $(GLIB_MKENUMS) \
--fhead "#include \"mm-base-bearer.h\"\n#include \"mm-port-probe.h\"\n#ifndef __MM_DAEMON_ENUMS_TYPES_H__\n#define __MM_DAEMON_ENUMS_TYPES_H__\n" \ --fhead "#include \"mm-filter.h\"\n#include \"mm-base-bearer.h\"\n#include \"mm-port-probe.h\"\n#ifndef __MM_DAEMON_ENUMS_TYPES_H__\n#define __MM_DAEMON_ENUMS_TYPES_H__\n" \
--template $(top_srcdir)/build-aux/mm-enums-template.h \ --template $(top_srcdir)/build-aux/mm-enums-template.h \
--ftail "#endif /* __MM_DAEMON_ENUMS_TYPES_H__ */\n" \ --ftail "#endif /* __MM_DAEMON_ENUMS_TYPES_H__ */\n" \
$(DAEMON_ENUMS_INPUTS) > $@ $(DAEMON_ENUMS_INPUTS) > $@
@@ -286,6 +288,8 @@ ModemManager_SOURCES = \
mm-auth.c \ mm-auth.c \
mm-auth-provider.h \ mm-auth-provider.h \
mm-auth-provider.c \ mm-auth-provider.c \
mm-filter.h \
mm-filter.c \
mm-base-manager.c \ mm-base-manager.c \
mm-base-manager.h \ mm-base-manager.h \
mm-device.c \ mm-device.c \


@@ -123,73 +123,6 @@ mm_kernel_device_get_physdev_manufacturer (MMKernelDevice *self)
NULL); NULL);
} }
gboolean
mm_kernel_device_is_candidate (MMKernelDevice *self,
gboolean manual_scan)
{
const gchar *physdev_subsys;
const gchar *name;
const gchar *subsys;
g_return_val_if_fail (MM_IS_KERNEL_DEVICE (self), FALSE);
name = mm_kernel_device_get_name (self);
subsys = mm_kernel_device_get_subsystem (self);
/* ignore VTs */
if (strncmp (name, "tty", 3) == 0 && g_ascii_isdigit (name[3]))
return FALSE;
/* Ignore devices that aren't completely configured by udev yet. If
* ModemManager is started in parallel with udev, explicitly requesting
* devices may return devices for which not all udev rules have yet been
* applied (a bug in udev/gudev). Since we often need those rules to match
* the device to a specific ModemManager driver, we need to ensure that all
* rules have been processed before handling a device.
*
* This udev tag applies to each port in a device. In other words, the flag
* may be set in some ports, but not in others */
if (!mm_kernel_device_get_property_as_boolean (self, "ID_MM_CANDIDATE"))
return FALSE;
/* Don't process device if no sysfs path */
if (!mm_kernel_device_get_physdev_sysfs_path (self)) {
/* Log about it, but filter out some common ports that we know don't have
* anything to do with mobile broadband.
*/
if ( strcmp (name, "console")
&& strcmp (name, "ptmx")
&& strcmp (name, "lo")
&& strcmp (name, "tty")
&& !strstr (name, "virbr"))
mm_dbg ("(%s/%s): could not get port's parent device", subsys, name);
return FALSE;
}
/* Ignore blacklisted devices. */
if (mm_kernel_device_get_global_property_as_boolean (MM_KERNEL_DEVICE (self), "ID_MM_DEVICE_IGNORE")) {
mm_dbg ("(%s/%s): device is blacklisted", subsys, name);
return FALSE;
}
/* Is the device in the manual-only greylist? If so, return if this is an
* automatic scan. */
if (!manual_scan && mm_kernel_device_get_global_property_as_boolean (MM_KERNEL_DEVICE (self), "ID_MM_DEVICE_MANUAL_SCAN_ONLY")) {
mm_dbg ("(%s/%s): device probed only in manual scan", subsys, name);
return FALSE;
}
/* If the physdev is a 'platform' or 'pnp' device that's not whitelisted, ignore it */
physdev_subsys = mm_kernel_device_get_physdev_subsystem (MM_KERNEL_DEVICE (self));
if ((!g_strcmp0 (physdev_subsys, "platform") || !g_strcmp0 (physdev_subsys, "pnp")) &&
(!mm_kernel_device_get_global_property_as_boolean (MM_KERNEL_DEVICE (self), "ID_MM_PLATFORM_DRIVER_PROBE"))) {
mm_dbg ("(%s/%s): port's parent platform driver is not whitelisted", subsys, name);
return FALSE;
}
return TRUE;
}
const gchar * const gchar *
mm_kernel_device_get_parent_sysfs_path (MMKernelDevice *self) mm_kernel_device_get_parent_sysfs_path (MMKernelDevice *self)
{ {


@@ -80,9 +80,6 @@ const gchar *mm_kernel_device_get_name (MMKernelDevice *self);
const gchar *mm_kernel_device_get_driver (MMKernelDevice *self); const gchar *mm_kernel_device_get_driver (MMKernelDevice *self);
const gchar *mm_kernel_device_get_sysfs_path (MMKernelDevice *self); const gchar *mm_kernel_device_get_sysfs_path (MMKernelDevice *self);
gboolean mm_kernel_device_is_candidate (MMKernelDevice *self,
gboolean manual_scan);
const gchar *mm_kernel_device_get_parent_sysfs_path (MMKernelDevice *self); const gchar *mm_kernel_device_get_parent_sysfs_path (MMKernelDevice *self);
const gchar *mm_kernel_device_get_physdev_uid (MMKernelDevice *self); const gchar *mm_kernel_device_get_physdev_uid (MMKernelDevice *self);


@@ -39,6 +39,7 @@
#include "mm-plugin-manager.h" #include "mm-plugin-manager.h"
#include "mm-auth.h" #include "mm-auth.h"
#include "mm-plugin.h" #include "mm-plugin.h"
#include "mm-filter.h"
#include "mm-log.h" #include "mm-log.h"
static void initable_iface_init (GInitableIface *iface); static void initable_iface_init (GInitableIface *iface);
@@ -73,6 +74,8 @@ struct _MMBaseManagerPrivate {
GCancellable *authp_cancellable; GCancellable *authp_cancellable;
/* The Plugin Manager object */ /* The Plugin Manager object */
MMPluginManager *plugin_manager; MMPluginManager *plugin_manager;
/* The port/device filter */
MMFilter *filter;
/* The container of devices being prepared */ /* The container of devices being prepared */
GHashTable *devices; GHashTable *devices;
/* The Object Manager server */ /* The Object Manager server */
@@ -286,7 +289,16 @@ device_added (MMBaseManager *manager,
mm_kernel_device_get_name (port), mm_kernel_device_get_name (port),
mm_kernel_device_get_sysfs_path (port)); mm_kernel_device_get_sysfs_path (port));
if (!mm_kernel_device_is_candidate (port, manual_scan)) { /* Ignore devices that aren't completely configured by udev yet. If
* ModemManager is started in parallel with udev, explicitly requesting
* devices may return devices for which not all udev rules have yet been
* applied (a bug in udev/gudev). Since we often need those rules to match
* the device to a specific ModemManager driver, we need to ensure that all
* rules have been processed before handling a device.
*
* This udev tag applies to each port in a device. In other words, the flag
* may be set in some ports, but not in others */
if (!mm_kernel_device_get_property_as_boolean (port, "ID_MM_CANDIDATE")) {
/* This could mean that device changed, losing its ID_MM_CANDIDATE /* This could mean that device changed, losing its ID_MM_CANDIDATE
* flags (such as Bluetooth RFCOMM devices upon disconnect. * flags (such as Bluetooth RFCOMM devices upon disconnect.
* Try to forget it. */ * Try to forget it. */
@@ -297,6 +309,10 @@ device_added (MMBaseManager *manager,
return; return;
} }
/* Run port filter */
if (!mm_filter_port (manager->priv->filter, port, manual_scan))
return;
/* If already added, ignore new event */ /* If already added, ignore new event */
if (find_device_by_port (manager, port)) { if (find_device_by_port (manager, port)) {
mm_dbg ("(%s/%s): port already added", mm_dbg ("(%s/%s): port already added",
@@ -1110,6 +1126,16 @@ initable_init (GInitable *initable,
g_signal_connect (priv->udev, "uevent", G_CALLBACK (handle_uevent), initable); g_signal_connect (priv->udev, "uevent", G_CALLBACK (handle_uevent), initable);
#endif #endif
/* Create filter */
priv->filter = mm_filter_new (MM_FILTER_RULE_VIRTUAL |
MM_FILTER_RULE_NET |
MM_FILTER_RULE_CDC_WDM |
MM_FILTER_RULE_TTY |
MM_FILTER_RULE_TTY_VIRTUAL_CONSOLE |
MM_FILTER_RULE_TTY_BLACKLIST |
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY |
MM_FILTER_RULE_TTY_PLATFORM_DRIVER);
/* Create plugin manager */ /* Create plugin manager */
priv->plugin_manager = mm_plugin_manager_new (priv->plugin_dir, error); priv->plugin_manager = mm_plugin_manager_new (priv->plugin_dir, error);
if (!priv->plugin_manager) if (!priv->plugin_manager)
@@ -1159,6 +1185,9 @@ finalize (GObject *object)
g_object_unref (priv->udev); g_object_unref (priv->udev);
#endif #endif
if (priv->filter)
g_object_unref (priv->filter);
if (priv->plugin_manager) if (priv->plugin_manager)
g_object_unref (priv->plugin_manager); g_object_unref (priv->plugin_manager);
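Review bot: In device_added(), a port rejected by the new `mm_filter_port()` check returns straight away, whereas before this change every rejection (blacklisted, manual-scan-only, non-whitelisted platform driver) entered the `ID_MM_CANDIDATE` branch whose comment says "Try to forget it". The body of that branch lies outside the visible hunks, so this is inferred, but it looks as if a port that starts matching `ID_MM_DEVICE_IGNORE` after it was already added is no longer dropped on a later event. Either route the filter rejection through the same forget path or state the intent with a comment such as `/* Filtered ports are only skipped, never forgotten */`. The rule mask passed to `mm_filter_new()` in initable_init() would also benefit from a one-line comment saying it is meant to reproduce the removed mm_kernel_device_is_candidate() checks.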

207
src/mm-filter.c Normal file

@@ -0,0 +1,207 @@
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details:
*
* Copyright (C) 2017 Aleksander Morgado <aleksander@aleksander.es>
*/
#include <config.h>
#include <string.h>
#include "mm-daemon-enums-types.h"
#include "mm-filter.h"
#include "mm-log.h"
G_DEFINE_TYPE (MMFilter, mm_filter, G_TYPE_OBJECT)
enum {
PROP_0,
PROP_ENABLED_RULES,
LAST_PROP
};
struct _MMFilterPrivate {
MMFilterRule enabled_rules;
};
/*****************************************************************************/
gboolean
mm_filter_port (MMFilter *self,
MMKernelDevice *port,
gboolean manual_scan)
{
const gchar *subsystem;
const gchar *name;
subsystem = mm_kernel_device_get_subsystem (port);
name = mm_kernel_device_get_name (port);
/* If this is a virtual device, don't allow it */
if ((self->priv->enabled_rules & MM_FILTER_RULE_VIRTUAL) &&
(!mm_kernel_device_get_physdev_sysfs_path (port))) {
mm_dbg ("[filter] (%s/%s) port filtered: virtual device", subsystem, name);
return FALSE;
}
/* If this is a net device, we always allow it */
if ((self->priv->enabled_rules & MM_FILTER_RULE_NET) &&
(g_strcmp0 (subsystem, "net") == 0)) {
mm_dbg ("[filter] (%s/%s) port allowed: net device", subsystem, name);
return TRUE;
}
/* If this is a cdc-wdm device, we always allow it */
if ((self->priv->enabled_rules & MM_FILTER_RULE_CDC_WDM) &&
(g_strcmp0 (subsystem, "usb") == 0 || g_strcmp0 (subsystem, "usbmisc") == 0) &&
(name && g_str_has_prefix (name, "cdc-wdm"))) {
mm_dbg ("[filter] (%s/%s) port allowed: cdc-wdm device", subsystem, name);
return TRUE;
}
/* If this is a tty device, we may allow it */
if ((self->priv->enabled_rules & MM_FILTER_RULE_TTY) &&
(g_strcmp0 (subsystem, "tty") == 0)) {
const gchar *physdev_subsystem;
/* Filter out virtual consoles (e.g. tty0, tty1, tty2...) */
if ((self->priv->enabled_rules & MM_FILTER_RULE_TTY_VIRTUAL_CONSOLE) &&
(name && strncmp (name, "tty", 3) == 0) &&
(g_ascii_isdigit (name[3]))) {
mm_dbg ("[filter] (%s/%s) port filtered: virtual console", subsystem, name);
return FALSE;
}
/* Ignore blacklisted tty devices. */
if ((self->priv->enabled_rules & MM_FILTER_RULE_TTY_BLACKLIST) &&
(mm_kernel_device_get_global_property_as_boolean (port, "ID_MM_DEVICE_IGNORE"))) {
mm_dbg ("[filter] (%s/%s): port filtered: device is blacklisted", subsystem, name);
return FALSE;
}
/* Is the device in the manual-only greylist? If so, return if this is an
* automatic scan. */
if ((self->priv->enabled_rules & MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY) &&
(!manual_scan && mm_kernel_device_get_global_property_as_boolean (port, "ID_MM_DEVICE_MANUAL_SCAN_ONLY"))) {
mm_dbg ("[filter] (%s/%s): port filtered: device probed only in manual scan", subsystem, name);
return FALSE;
}
/* If the physdev is a 'platform' or 'pnp' device that's not whitelisted, ignore it */
physdev_subsystem = mm_kernel_device_get_physdev_subsystem (port);
if ((self->priv->enabled_rules & MM_FILTER_RULE_TTY_PLATFORM_DRIVER) &&
(!g_strcmp0 (physdev_subsystem, "platform") || !g_strcmp0 (physdev_subsystem, "pnp")) &&
(!mm_kernel_device_get_global_property_as_boolean (port, "ID_MM_PLATFORM_DRIVER_PROBE"))) {
mm_dbg ("[filter] (%s/%s): port filtered: port's parent platform driver is not whitelisted", subsystem, name);
return FALSE;
}
/* Otherwise, TTY probed */
return TRUE;
}
/* Otherwise forbidden */
mm_dbg ("[filter] (%s/%s) port filtered: forbidden port type", subsystem, name);
return FALSE;
}
/*****************************************************************************/
MMFilter *
mm_filter_new (MMFilterRule enabled_rules)
{
MMFilter *self;
self = g_object_new (MM_TYPE_FILTER,
MM_FILTER_ENABLED_RULES, enabled_rules,
NULL);
#define RULE_ENABLED_STR(flag) ((self->priv->enabled_rules & flag) ? "yes" : "no")
mm_dbg ("[filter] created");
mm_dbg ("[filter] virtual devices forbidden: %s", RULE_ENABLED_STR (MM_FILTER_RULE_VIRTUAL));
mm_dbg ("[filter] net devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_NET));
mm_dbg ("[filter] cdc-wdm devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_CDC_WDM));
mm_dbg ("[filter] tty devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY));
if (self->priv->enabled_rules & MM_FILTER_RULE_TTY) {
mm_dbg ("[filter] virtual consoles filtered: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_VIRTUAL_CONSOLE));
mm_dbg ("[filter] blacklist applied: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_BLACKLIST));
mm_dbg ("[filter] manual scan only applied: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY));
mm_dbg ("[filter] platform driver check: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_PLATFORM_DRIVER));
}
#undef RULE_ENABLED_STR
return self;
}
static void
set_property (GObject *object,
guint prop_id,
const GValue *value,
GParamSpec *pspec)
{
MMFilter *self = MM_FILTER (object);
switch (prop_id) {
case PROP_ENABLED_RULES:
self->priv->enabled_rules = g_value_get_flags (value);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static void
get_property (GObject *object,
guint prop_id,
GValue *value,
GParamSpec *pspec)
{
MMFilter *self = MM_FILTER (object);
switch (prop_id) {
case PROP_ENABLED_RULES:
g_value_set_flags (value, self->priv->enabled_rules);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static void
mm_filter_init (MMFilter *self)
{
self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, MM_TYPE_FILTER, MMFilterPrivate);
}
static void
mm_filter_class_init (MMFilterClass *klass)
{
GObjectClass *object_class = G_OBJECT_CLASS (klass);
g_type_class_add_private (object_class, sizeof (MMFilterPrivate));
/* Virtual methods */
object_class->set_property = set_property;
object_class->get_property = get_property;
g_object_class_install_property (
object_class, PROP_ENABLED_RULES,
g_param_spec_flags (MM_FILTER_ENABLED_RULES,
"Enabled rules",
"Mask of rules enabled in the filter",
MM_TYPE_FILTER_RULE,
MM_FILTER_RULE_NONE,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
}
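Review bot: mm_filter_port() returns TRUE for net and cdc-wdm ports before `ID_MM_DEVICE_IGNORE` is ever read, because the blacklist, manual-scan-only and platform-driver checks now sit inside the tty branch. The removed mm_kernel_device_is_candidate() applied those checks to every port, so a udev rule that tells ModemManager to ignore a device no longer covers that device's network and control ports, which does not match the "same rules" statement in the commit message. If that narrowing is not intended, evaluate the blacklist right after the virtual-device rule, as sketched below (the flag name would then deserve a rename). The function also dereferences `self->priv` without a guard such as `g_return_val_if_fail (MM_IS_FILTER (self), FALSE);`, while the old function validated its own argument that way.

```c
    /* ... unchanged: virtual device rule ... */

    /* Ignore blacklisted devices before any allow rule, whatever the port type */
    if ((self->priv->enabled_rules & MM_FILTER_RULE_TTY_BLACKLIST) &&
        mm_kernel_device_get_global_property_as_boolean (port, "ID_MM_DEVICE_IGNORE")) {
        mm_dbg ("[filter] (%s/%s) port filtered: device is blacklisted", subsystem, name);
        return FALSE;
    }

    /* If this is a net device, we always allow it */
    /* ... unchanged: net, cdc-wdm and tty rules, minus the tty-only blacklist check ... */
```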

64
src/mm-filter.h Normal file

@@ -0,0 +1,64 @@
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details:
*
* Copyright (C) 2017 Aleksander Morgado <aleksander@aleksander.es>
*/
#ifndef MM_FILTER_H
#define MM_FILTER_H
#include <glib-object.h>
#include <gio/gio.h>
#include "mm-kernel-device.h"
#define MM_TYPE_FILTER (mm_filter_get_type ())
#define MM_FILTER(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), MM_TYPE_FILTER, MMFilter))
#define MM_FILTER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), MM_TYPE_FILTER, MMFilterClass))
#define MM_IS_FILTER(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), MM_TYPE_FILTER))
#define MM_IS_FILTER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((obj), MM_TYPE_FILTER))
#define MM_FILTER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), MM_TYPE_FILTER, MMFilterClass))
#define MM_FILTER_ENABLED_RULES "enabled-rules" /* construct-only */
typedef struct _MMFilterPrivate MMFilterPrivate;
typedef struct {
GObject parent;
MMFilterPrivate *priv;
} MMFilter;
typedef struct {
GObjectClass parent;
} MMFilterClass;
GType mm_filter_get_type (void);
typedef enum { /*< underscore_name=mm_filter_rule >*/
MM_FILTER_RULE_NONE = 0,
MM_FILTER_RULE_VIRTUAL = 1 << 0,
MM_FILTER_RULE_NET = 1 << 1,
MM_FILTER_RULE_CDC_WDM = 1 << 2,
MM_FILTER_RULE_TTY = 1 << 3,
MM_FILTER_RULE_TTY_VIRTUAL_CONSOLE = 1 << 4,
MM_FILTER_RULE_TTY_BLACKLIST = 1 << 5,
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY = 1 << 6,
MM_FILTER_RULE_TTY_PLATFORM_DRIVER = 1 << 7,
} MMFilterRule;
MMFilter *mm_filter_new (MMFilterRule enabled_rules);
gboolean mm_filter_port (MMFilter *self,
MMKernelDevice *port,
gboolean manual_scan);
#endif /* MM_FILTER_H */
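Review bot: `MM_IS_FILTER_CLASS(klass)` expands to an expression that uses `obj` rather than its own parameter, so any use of the macro either fails to compile or silently picks up an unrelated `obj` from the caller's scope; it should read `#define MM_IS_FILTER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), MM_TYPE_FILTER))`. The `MMFilterRule` enum would also be safer to use with a short comment per value saying whether the rule allows or forbids ports. As mm_filter_port() is written, `MM_FILTER_RULE_VIRTUAL` and the `TTY_*` sub-rules deny, `NET`, `CDC_WDM` and `TTY` allow, and a port matching no enabled allow rule is rejected.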