Disable opening network debug ports for security reasons
Until this change, up to three TCP ports were opened by default
for debugging purposes:
* TCP port 8872 - used for forwarding btsnoop logs in real time
Note: the port is open only if "Bluetooth HCI snoop log" is enabled
in the Developer options
* TCP port 8873 - used for HCI debugging
* TCP port 8879 - used for debugging the Bluetooth counters
With this change, those ports are disabled by default.
To enable, the following #define should be added at the top of the
corresponding file(s): btcore/src/counter.c hci/src/btsnoop_net.c
hci/src/hci_inject.c
#define BT_NET_DEBUG TRUE
Bug: 24371736
Change-Id: I5cb43af1a5d29c331eb5ef61a24dccbe95df6f40
diff --git a/btcore/src/counter.c b/btcore/src/counter.c
index 08aa518..b88c7a2 100644
--- a/btcore/src/counter.c
+++ b/btcore/src/counter.c
@@ -257,6 +257,10 @@
}
static bool counter_socket_open(void) {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+ return true; // Disable using network sockets for security reasons
+#endif
+
assert(listen_socket_ == NULL);
assert(thread_ == NULL);
assert(clients_ == NULL);
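Review bot: The guard at the top of counter_socket_open can fail open, because the preprocessor evaluates any identifier that is not a macro as 0. If `TRUE` and `FALSE` are not macros at the point where the `#if` is evaluated, `#define BT_NET_DEBUG FALSE` yields `0 != 0` and the listener code stays enabled. Whether each of the three files has `TRUE` in scope there is not visible in these hunks. Comparing against a literal fails closed instead: `#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != 1))`. The same expression is repeated in the other six hunks (counter_socket_close, btsnoop_net_open/close/write, hci_inject_open/close).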
@@ -294,6 +298,10 @@
}
static void counter_socket_close(void) {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+ return; // Disable using network sockets for security reasons
+#endif
+
socket_free(listen_socket_);
thread_free(thread_);
list_free(clients_);
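Review bot: The unconditional `return;` at the top of counter_socket_close leaves the rest of the body compiled but unreachable in the default build. That can trigger unreachable-code warnings, and it relies on the optimizer rather than the preprocessor to keep the socket path out of production objects. Making the existing body the `#else` branch of the guard, with the `#endif` moved to just before the closing brace, removes the network code from the translation unit unless `BT_NET_DEBUG` is set. The function's end is outside this hunk, and the same pattern appears in the other six hunks.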
diff --git a/hci/src/btsnoop_net.c b/hci/src/btsnoop_net.c
index c601da8..c6a9cd6 100644
--- a/hci/src/btsnoop_net.c
+++ b/hci/src/btsnoop_net.c
@@ -45,6 +45,10 @@
static int client_socket_ = -1;
void btsnoop_net_open() {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+ return; // Disable using network sockets for security reasons
+#endif
+
listen_thread_valid_ = (pthread_create(&listen_thread_, NULL, listen_fn_, NULL) == 0);
if (!listen_thread_valid_) {
LOG_ERROR("%s pthread_create failed: %s", __func__, strerror(errno));
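Review bot: The opt-in for btsnoop_net_open is a `#define BT_NET_DEBUG TRUE` hand-edited into each source file, so the three files can drift apart. One port may end up enabled while the others are off, and nothing in the build records which. A single definition in a shared header or a build-system flag would give one place to audit and would let release configurations reject the setting. If the per-file define is kept, a short comment above each guard naming the TCP port it controls (8872 here, per the commit message) would help the next reader.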
@@ -54,6 +58,10 @@
}
void btsnoop_net_close() {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+ return; // Disable using network sockets for security reasons
+#endif
+
if (listen_thread_valid_) {
shutdown(listen_socket_, SHUT_RDWR);
pthread_join(listen_thread_, NULL);
@@ -63,6 +71,10 @@
}
void btsnoop_net_write(const void *data, size_t length) {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+ return; // Disable using network sockets for security reasons
+#endif
+
pthread_mutex_lock(&client_socket_lock_);
if (client_socket_ != -1) {
if (send(client_socket_, data, length, 0) == -1 && errno == ECONNRESET) {
diff --git a/hci/src/hci_inject.c b/hci/src/hci_inject.c
index a17a3d3..8ba5f98 100644
--- a/hci/src/hci_inject.c
+++ b/hci/src/hci_inject.c
@@ -61,6 +61,10 @@
static void client_free(void *ptr);
bool hci_inject_open(const hci_t *hci_interface) {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+ return true; // Disable using network sockets for security reasons
+#endif
+
assert(listen_socket == NULL);
assert(thread == NULL);
assert(clients == NULL);
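Review bot: hci_inject_open now returns `true` without creating the listener, and nothing in the visible lines records which mode the build is in. A caller sees success either way, and a device that ships with `BT_NET_DEBUG` enabled leaves no trace in its logs. The comment on the early return should state that "disabled" is reported as success on purpose. The enabled path would benefit from one log line at open, in the style of the `LOG_ERROR` call visible in btsnoop_net.c, for example `"%s network debug port enabled (BT_NET_DEBUG)"` with `__func__`. The same applies to counter_socket_open and btsnoop_net_open. The function body continues outside this hunk.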
@@ -92,6 +96,10 @@
}
void hci_inject_close(void) {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+ return; // Disable using network sockets for security reasons
+#endif
+
socket_free(listen_socket);
list_free(clients);
thread_free(thread);