filter: simplify CDC_WDM rule to a subsystem-only USBMISC check

This is not just a rename of the rule: we also stop doing an
explicit check on the port name and rely on subsystem checks
only, i.e. the same logic applied for net ports.

The port candidate rules already do a 'cdc-wdm*' device name check
so it shouldn't be a big deal.
Aleksander Morgado
2020-11-06 12:14:49 +01:00
parent 5265c0bd7c
commit 5df9ddac18
3 changed files with 17 additions and 18 deletions


@@ -159,10 +159,10 @@ $ sudo udevadm trigger
</para>
</listitem>
<listitem>
<para><emphasis>MM_FILTER_RULE_CDC_WDM</emphasis></para>
<para><emphasis>MM_FILTER_RULE_USBMISC</emphasis></para>
<para>
This filter will automatically flag as allowed all cdc-wdm ports exposed by
devices. Unless there is a will to explicitly forbid the cdc-wdm ports exposed
This filter will automatically flag as allowed all cdc-wdm ports exposed in the
usbmisc subsystem. Unless there is a will to explicitly forbid the cdc-wdm ports exposed
by qmi_wwan, cdc_mbim or huawei-cdc-ncm kernel drivers, this filter should always
be enabled.
</para>
@@ -254,7 +254,7 @@ $ sudo udevadm trigger
<listitem>MM_FILTER_RULE_EXPLICIT_BLACKLIST</listitem>
<listitem>MM_FILTER_RULE_VIRTUAL</listitem>
<listitem>MM_FILTER_RULE_NET</listitem>
<listitem>MM_FILTER_RULE_CDC_WDM</listitem>
<listitem>MM_FILTER_RULE_USBMISC</listitem>
<listitem>MM_FILTER_RULE_TTY</listitem>
<listitem>MM_FILTER_RULE_TTY_BLACKLIST</listitem>
<listitem>MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY</listitem>
@@ -280,7 +280,7 @@ $ sudo udevadm trigger
<listitem>MM_FILTER_RULE_EXPLICIT_BLACKLIST</listitem>
<listitem>MM_FILTER_RULE_VIRTUAL</listitem>
<listitem>MM_FILTER_RULE_NET</listitem>
<listitem>MM_FILTER_RULE_CDC_WDM</listitem>
<listitem>MM_FILTER_RULE_USBMISC</listitem>
<listitem>MM_FILTER_RULE_TTY</listitem>
<listitem>MM_FILTER_RULE_TTY_PLATFORM_DRIVER</listitem>
<listitem>MM_FILTER_RULE_TTY_DRIVER</listitem>
@@ -307,7 +307,7 @@ $ sudo udevadm trigger
<listitem>MM_FILTER_RULE_EXPLICIT_BLACKLIST</listitem>
<listitem>MM_FILTER_RULE_VIRTUAL</listitem>
<listitem>MM_FILTER_RULE_NET</listitem>
<listitem>MM_FILTER_RULE_CDC_WDM</listitem>
<listitem>MM_FILTER_RULE_USBMISC</listitem>
<listitem>MM_FILTER_RULE_TTY</listitem>
<listitem>MM_FILTER_RULE_TTY_BLACKLIST</listitem>
<listitem>MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY</listitem>
@@ -339,7 +339,7 @@ $ sudo udevadm trigger
net and cdc-wdm ports forbidden completely:
<programlisting>
# MM_FILTER_RULE_NET=0 \
MM_FILTER_RULE_CDC_WDM=0 \
MM_FILTER_RULE_USBMISC=0 \
/usr/sbin/ModemManager --filter-policy=DEFAULT</programlisting>
</para>
<para>
@@ -348,7 +348,7 @@ $ sudo udevadm trigger
net ports (e.g. 'lo') are also being allowed.
<programlisting>
# MM_FILTER_RULE_NET=1 \
MM_FILTER_RULE_CDC_WDM=1 \
MM_FILTER_RULE_USBMISC=1 \
/usr/sbin/ModemManager --filter-policy=WHITELIST-ONLY</programlisting>
</para>
</listitem>


@@ -193,10 +193,9 @@ mm_filter_port (MMFilter *self,
}
/* If this is a cdc-wdm device, we always allow it */
if ((self->priv->enabled_rules & MM_FILTER_RULE_CDC_WDM) &&
(g_strcmp0 (subsystem, "usb") == 0 || g_strcmp0 (subsystem, "usbmisc") == 0) &&
(name && g_str_has_prefix (name, "cdc-wdm"))) {
mm_obj_dbg (self, "(%s/%s) port allowed: cdc-wdm device", subsystem, name);
if ((self->priv->enabled_rules & MM_FILTER_RULE_USBMISC) &&
(g_strcmp0 (subsystem, "usb") == 0 || g_strcmp0 (subsystem, "usbmisc") == 0)) {
mm_obj_dbg (self, "(%s/%s) port allowed: usbmisc device", subsystem, name);
return TRUE;
}
@@ -449,7 +448,7 @@ mm_filter_new (MMFilterRule enabled_rules,
mm_obj_dbg (self, " plugin whitelist: %s", RULE_ENABLED_STR (MM_FILTER_RULE_PLUGIN_WHITELIST));
mm_obj_dbg (self, " virtual devices forbidden: %s", RULE_ENABLED_STR (MM_FILTER_RULE_VIRTUAL));
mm_obj_dbg (self, " net devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_NET));
mm_obj_dbg (self, " cdc-wdm devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_CDC_WDM));
mm_obj_dbg (self, " usbmisc devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_USBMISC));
if (self->priv->enabled_rules & MM_FILTER_RULE_TTY) {
mm_obj_dbg (self, " tty devices:");
mm_obj_dbg (self, " blacklist applied: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_BLACKLIST));
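Review bot: With the `name` prefix test dropped, the rule in `mm_filter_port` now returns TRUE for every port in the `usb` or `usbmisc` subsystem, but the context comment above it still reads "If this is a cdc-wdm device, we always allow it", and the rule is named USBMISC while still matching `usb`. Since this filter decides which ports are flagged as allowed, the comment should say where the name match now lives, e.g. `/* Any usb/usbmisc port is allowed here; the 'cdc-wdm*' name match is left to the port candidate rules */`. The removed condition guarded `name` against NULL, so `name` can presumably be NULL when it reaches the `%s` in the new `mm_obj_dbg` call; passing `name ? name : "unknown"` would avoid relying on how the libc formats a NULL string. The body of `mm_filter_port` starts and ends outside the hunk.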


@@ -52,7 +52,7 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
MM_FILTER_RULE_PLUGIN_WHITELIST = 1 << 2,
MM_FILTER_RULE_VIRTUAL = 1 << 3,
MM_FILTER_RULE_NET = 1 << 4,
MM_FILTER_RULE_CDC_WDM = 1 << 5,
MM_FILTER_RULE_USBMISC = 1 << 5,
MM_FILTER_RULE_TTY = 1 << 6,
MM_FILTER_RULE_TTY_BLACKLIST = 1 << 7,
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY = 1 << 8,
@@ -70,7 +70,7 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
MM_FILTER_RULE_PLUGIN_WHITELIST | \
MM_FILTER_RULE_VIRTUAL | \
MM_FILTER_RULE_NET | \
MM_FILTER_RULE_CDC_WDM | \
MM_FILTER_RULE_USBMISC | \
MM_FILTER_RULE_TTY | \
MM_FILTER_RULE_TTY_BLACKLIST | \
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY | \
@@ -88,7 +88,7 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
MM_FILTER_RULE_EXPLICIT_BLACKLIST | \
MM_FILTER_RULE_VIRTUAL | \
MM_FILTER_RULE_NET | \
MM_FILTER_RULE_CDC_WDM | \
MM_FILTER_RULE_USBMISC | \
MM_FILTER_RULE_TTY | \
MM_FILTER_RULE_TTY_BLACKLIST | \
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY | \
@@ -103,7 +103,7 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
MM_FILTER_RULE_PLUGIN_WHITELIST | \
MM_FILTER_RULE_VIRTUAL | \
MM_FILTER_RULE_NET | \
MM_FILTER_RULE_CDC_WDM | \
MM_FILTER_RULE_USBMISC | \
MM_FILTER_RULE_TTY | \
MM_FILTER_RULE_TTY_PLATFORM_DRIVER | \
MM_FILTER_RULE_TTY_DRIVER | \
@@ -119,7 +119,7 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
MM_FILTER_RULE_PLUGIN_WHITELIST | \
MM_FILTER_RULE_VIRTUAL | \
MM_FILTER_RULE_NET | \
MM_FILTER_RULE_CDC_WDM | \
MM_FILTER_RULE_USBMISC | \
MM_FILTER_RULE_TTY | \
MM_FILTER_RULE_TTY_BLACKLIST | \
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY | \