[Bluetooth] Add security note for all blobs in device.mojom.
As per post-submission convo in crrev.com/c/2370094. Change-Id: I1a8ab0fd4ff9bf1b27cbfe05c36408fce9bf2438 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2402399 Commit-Queue: Ryan Hansberry <hansberry@chromium.org> Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Cr-Commit-Position: refs/heads/master@{#805925}

committed by
Commit Bot

parent
b99022c3c6
commit
7226e8d829
@ -6,6 +6,13 @@ module bluetooth.mojom;
|
||||
|
||||
import "device/bluetooth/public/mojom/uuid.mojom";
|
||||
|
||||
// Important note: the byte arrays which can be accessed from this interface
|
||||
// (including "service data", "characteristics", and "descriptors") are
|
||||
// arbitrary binary blobs of data provided by a likely untrustworthy device.
|
||||
// Clients are responsible for safely parsing this information; please see
|
||||
// "The Rule of 2" (//docs/security/rule-of-2.md). C++ clients must parse these
|
||||
// blobs in a sandboxed process.
|
||||
|
||||
// Values representing the possible properties of a characteristic, which
|
||||
// define how the characteristic can be used. Each of these properties serve
|
||||
// a role as defined in the Bluetooth Specification.
|
||||
@ -61,11 +68,8 @@ struct DeviceInfo {
|
||||
bool is_gatt_connected;
|
||||
RSSIWrapper? rssi;
|
||||
|
||||
// Important note: the "service data" associated with each UUID is an
|
||||
// arbitrary binary blob of data provided by a likely untrustworthy device.
|
||||
// Clients are responsible for safely parsing this information; please see
|
||||
// "The Rule of 2" (//docs/security/rule-of-2.md). C++ clients must parse this
|
||||
// blob in a sandbox process.
|
||||
// Important: the blobs associated with each UUID are arbitrary and untrusted.
|
||||
// Please refer to the note on "The Rule of 2" at the top of this file.
|
||||
map<UUID, array<uint8>> service_data_map;
|
||||
};
|
||||
|
||||
@ -79,12 +83,18 @@ struct CharacteristicInfo {
|
||||
string id;
|
||||
UUID uuid;
|
||||
uint32 properties;
|
||||
|
||||
// Important: this blob is arbitrary and untrusted. Please refer to the note
|
||||
// on "The Rule of 2" at the top of this file.
|
||||
array<uint8> last_known_value;
|
||||
};
|
||||
|
||||
struct DescriptorInfo {
|
||||
string id;
|
||||
UUID uuid;
|
||||
|
||||
// Important: this blob is arbitrary and untrusted. Please refer to the note
|
||||
// on "The Rule of 2" at the top of this file.
|
||||
array<uint8> last_known_value;
|
||||
};
|
||||
|
||||
@ -127,12 +137,16 @@ interface Device {
|
||||
// Reads the value for the GATT Descriptor with |descriptor_id| in the GATT
|
||||
// Characteristic with |characteristic_id| in the GATT Service with
|
||||
// |service_id|.
|
||||
// Important: the returned |value| blob is arbitrary and untrusted. Please
|
||||
// refer to the note on "The Rule of 2" at the top of this file.
|
||||
ReadValueForDescriptor(string service_id, string characteristic_id,
|
||||
string descriptor_id) => (GattResult result, array<uint8>? value);
|
||||
|
||||
// Writes the |value| for the GATT Descriptor with |descriptor_id| in the GATT
|
||||
// Characteristic with |characteristic_id| in the GATT Service with
|
||||
// |service_id|.
|
||||
// Important: the returned |value| blob is arbitrary and untrusted. Please
|
||||
// refer to the note on "The Rule of 2" at the top of this file.
|
||||
WriteValueForDescriptor(string service_id, string characteristic_id,
|
||||
string descriptor_id, array<uint8> value) => (GattResult result);
|
||||
};
|
||||
|
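Review bot: The comment added above `WriteValueForDescriptor` says "the returned |value| blob is arbitrary and untrusted", but that method returns only `GattResult result`; its |value| is the caller-supplied input being written to the device. The sentence appears to be copied from `ReadValueForDescriptor` and should be dropped or reworded, for example `// Note: |value| is supplied by the caller; this method returns no device-provided blob.` Placing the untrusted-data warning where no device data comes back dilutes it on the read paths, where the Rule of 2 actually applies. The `interface Device` body starts outside this hunk, so whether the other blob-returning methods carry the same note cannot be confirmed from here.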